How severe is CVE-2025-29925?

This vulnerability has a severity rating of HIGH with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2025-29925?

This is classified as CWE-402, which is a common weakness in software security.

CVE-2025-29925 - HIGH Severity | CVSS 5.3

Vulnerability Description

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/[wikiName]/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent unregistered user to view pages": the endpoint would still list the pages of the wiki, though only for the main wiki. The problem has been patched in XWiki 15.10.14, 16.4.6, 16.10.0RC1. In those versions the endpoint can still be requested but the result is filtered out based on pages rights.

Related Vulnerabilities

CVE-2023-4569

MEDIUM

CVSS:5.5(Medium)

A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, w...

CWE-4022023

CVE-2024-0443

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is on...

CWE-4022024

CVE-2022-30231

MEDIUM

CVSS:4.3(Medium)

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions...

CWE-4022022

CVE-2023-38509

MEDIUM

CVSS:4.3(Medium)

XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation con...

CWE-4022023

CVE-2017-8442

MEDIUM

CVSS:6.5(Medium)

Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL ke...

CWE-4022017

CVE-2024-47146

HIGH

CVSS:6.5(Medium)

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal.

CWE-4022024