How severe is CVE-2025-29926?

This vulnerability has a severity rating of HIGH with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2025-29926?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2025-29926 - HIGH Severity | CVSS 9.8

Vulnerability Description

XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so performs other attacks on the farm. Note that this REST API is not bundled in XWiki Standard by default: it needs to be installed manually through the extension manager. The problem has been patched in versions 15.10.15, 16.4.6 and 16.10.0 of the REST module.

Related Vulnerabilities

CVE-2015-3954

CRITICAL

CVSS:9.8(Critical)

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges o...

CWE-2852015

CVE-2015-5463

CRITICAL

CVSS:9.8(Critical)

AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through ar...

CWE-2852015

CVE-2016-0922

CRITICAL

CVSS:9.8(Critical)

EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.

CWE-2852016

CVE-2016-10734

CRITICAL

CVSS:9.8(Critical)

ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.

CWE-2852016

CVE-2016-5799

CRITICAL

CVSS:9.8(Critical)

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain acce...

CWE-2852016

CVE-2016-6825

CRITICAL

CVSS:9.8(Critical)

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC6...

CWE-2852016