Severity score: 8.7 | CWE-402

CVE-2025-29925: XWiki allows unregistered users to access private pages information through REST endpoint

First published: Wed Mar 19 2025

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoint /rest/wikis/[wikiName]/pages even if the requesting user does not have view rights on them. This is especially relevant when the entire wiki is protected with "Prevent unregistered user to view pages": the endpoint would still list the wiki's pages, though only for the main wiki. The problem has been patched in XWiki 15.10.14, 16.4.6, and 16.10.0-rc-1. In those versions the endpoint can still be requested, but the result is filtered according to the view rights on each page.
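The following is an added example, not XWiki's own code: a constructed in-memory model of the page listing the advisory describes, shown once without a rights check (the pre-fix behaviour) and once with every entry gated on the caller's view right (the fix as described above). The guest identifier, the class and function names, and the sample wiki with its restricted page are all assumptions made for the illustration; the model also does not distinguish the main wiki from subwikis. `leaked_pages` reports which names the unfiltered listing reveals to a caller that the filtered listing would withhold, which is the exposure the advisory is about.

```python
"""Constructed model of the access-control gap described in CVE-2025-29925.

Added example, not XWiki code: an in-memory stand-in for the
/rest/wikis/{wikiName}/pages listing, once without a rights check (the
behaviour before the fix) and once filtered page by page on the caller's
view right (the fix as the advisory describes it). Names are hypothetical.
"""
from dataclasses import dataclass, field

GUEST = "XWiki.XWikiGuest"  # hypothetical identifier for an unregistered caller


@dataclass(frozen=True)
class Page:
    name: str
    # Users allowed to view the page; an empty set means the page is public
    # within the wiki. Constructed model, not XWiki's rights storage.
    viewers: frozenset = frozenset()


@dataclass
class Wiki:
    name: str
    # Models the wiki-wide "Prevent unregistered user to view pages" setting
    # named in the advisory.
    prevent_unregistered_view: bool = False
    pages: list = field(default_factory=list)


def has_view_right(wiki: Wiki, page: Page, user: str) -> bool:
    """Decide whether `user` may view `page`; the wiki-wide guest lockout wins first."""
    if user == GUEST and wiki.prevent_unregistered_view:
        return False
    if not page.viewers:
        return True
    return user in page.viewers


def list_pages_unfiltered(wiki: Wiki, user: str) -> list:
    """Pre-fix shape: the caller identity is ignored and every page is listed."""
    return [p.name for p in wiki.pages]


def list_pages_filtered(wiki: Wiki, user: str) -> list:
    """Fixed shape: the same listing, with each entry gated on the view right."""
    return [p.name for p in wiki.pages if has_view_right(wiki, p, user)]


def leaked_pages(wiki: Wiki, user: str) -> set:
    """Page names the unfiltered listing reveals to `user` that a rights check would hide."""
    return set(list_pages_unfiltered(wiki, user)) - set(list_pages_filtered(wiki, user))


# Constructed sample wiki: a public landing page and a restricted finance page,
# with the wiki-wide guest lockout switched on.
SAMPLE_WIKI = Wiki(
    name="xwiki",
    prevent_unregistered_view=True,
    pages=[
        Page("Main.WebHome"),
        Page("Finance.Salaries", viewers=frozenset({"XWiki.Alice"})),
    ],
)

if __name__ == "__main__":
    for user in (GUEST, "XWiki.Bob", "XWiki.Alice"):
        print(user,
              "unfiltered:", list_pages_unfiltered(SAMPLE_WIKI, user),
              "filtered:", list_pages_filtered(SAMPLE_WIKI, user),
              "leaked:", sorted(leaked_pages(SAMPLE_WIKI, user)))
```

With the sample data, the unfiltered listing hands the guest both page names even though the wiki-wide setting should hide everything from unregistered users, while the filtered listing returns nothing to the guest, only the public page to a registered user without an explicit grant, and both pages to the user named in the restricted page's viewer set.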

Credit: security-advisories@github.com

Affected Software   Affected Version   How to fix
XWiki Platform      <15.10.14          Upgrade to 15.10.14 or later
XWiki Platform      <16.4.6            Upgrade to 16.4.6 or later
XWiki Platform      <16.10.0-rc-1      Upgrade to 16.10.0-rc-1 or later


Frequently Asked Questions

  • What is the severity of CVE-2025-29925?

    CVE-2025-29925 has a high severity rating due to exposure of protected pages through REST endpoints.

  • How do I fix CVE-2025-29925?

    To fix CVE-2025-29925, upgrade to XWiki Platform versions 15.10.14, 16.4.6, or 16.10.0-rc-1 or later.

  • What are the affected versions of XWiki Platform in CVE-2025-29925?

    The affected versions are all prior to 15.10.14, 16.4.6, and 16.10.0-rc-1.

  • What type of vulnerability is CVE-2025-29925?

    CVE-2025-29925 is a REST API exposure vulnerability affecting access to protected pages.

  • Can CVE-2025-29925 affect user privacy?

    Yes, CVE-2025-29925 can compromise user privacy by exposing the names of protected pages to unauthorized users.

© 2025 SecAlerts Pty Ltd.