XWiki Platform Security Update Advisory
Overview
We have released a security update to address a vulnerability in XWiki Platform. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-55747
XWiki Platform Version: 6.1-milestone-2 or later but before 16.10.7
XWiki Platform Version: 17.0.0-rc-1 or later but before 17.4.0-rc-1
CVE-2025-55748
XWiki Platform Version: 4.2-milestone-2 or later but before 16.10.7
XWiki Platform Version: 17.0.0-rc-1 or later but before 17.4.0-rc-1
Resolved Vulnerabilities
Path Bypass Vulnerability in xwiki-platform-webjars-api (CVE-2025-55747)
Path Bypass Vulnerability in xwiki-platform-skin-skinx (CVE-2025-55748)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest update. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-55747, CVE-2025-55748
XWiki Platform Version: 16.10.7
XWiki Platform Version: 17.4.0-rc-1
References
[1] Configuration files can be accessed through webjars API
https://jira.xwiki.org/browse/XWIKI-19350
[2] Configuration files can be accessed through jsx and sx endpoints
https://jira.xwiki.org/browse/XWIKI-23109