CVE-2025-46554 PoC — XWiki Platform 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-46554.yaml

Associated Vulnerability

Title:XWiki Platform 安全漏洞 (CVE-2025-46554)
Description:XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在安全漏洞，该漏洞源于附件元数据访问控制不当，可能导致信息泄露。以下版本受到影响：1.8.1至14.10.22之前版本、15.0-rc-1至15.10.12之前版本、16.0.0-rc-1至16.4.3之前版本和16.5.0-rc-1至16.7.0之前版本。

Description

A vulnerability in XWiki's REST API allows unauthenticated users to access attachments list and metadata through the attachments endpoint. This could lead to disclosure of sensitive information stored in attachments metadata.

File Snapshot


 id: CVE-2025-46554

info:
  name: XWiki REST API - Attachments Disclosure
  author: ritikchaddha
  s

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!