CVE-2025-55749 PoC — XWiki Platform 访问控制错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-55749.yaml

Associated Vulnerability

Title:XWiki Platform 访问控制错误漏洞 (CVE-2025-55749)
Description:XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform 16.7.0版本至16.10.11版本、17.4.4版本和17.7.0版本存在访问控制错误漏洞，该漏洞源于XJetty包暴露上下文可能导致访问包含凭据的文件。

Description

XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package.

File Snapshot


 id: CVE-2025-55749

info:
  name: XWiki - Information Disclosure
  author: DhiyaneshDk
  severity: h

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!