How severe is CVE-2025-32971?

This vulnerability has a severity rating of LOW with a CVSS score of 3.8 out of 10.

What type of vulnerability is CVE-2025-32971?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2025-32971 - LOW Severity | CVSS 3.8

Vulnerability Description

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's scripting API normally requires programming rights to be called. Due to using the wrong API for checking rights, it doesn't take the fact into account that programming rights might have been dropped by calling `$xcontext.dropPermissions()`. If some code relies on this for the safety of executing Velocity code with the wrong author context, this could allow a user with script rights to either cause a high load by indexing documents or to temporarily remove documents from the search index. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0-rc-1.

Related Vulnerabilities

CVE-2020-6752

LOW

CVSS:3.8(Low)

In OMERO before 5.6.1, group owners can access members' data in other groups.

CWE-8632020

CVE-2022-0333

LOW

CVSS:3.8(Low)

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any ca...

CWE-8632022

CVE-2023-0091

LOW

CVSS:3.8(Low)

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitiv...

CWE-8632023

CVE-2024-39324

LOW

CVSS:3.8(Low)

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to ...

CWE-8632024

CVE-2024-55592

LOW

CVSS:3.8(Low)

An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all ve...

CWE-8632024

CVE-2025-21546

LOW

CVSS:3.8(Low)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Eas...

CWE-8632025