CVE-2025-55749
📋 TL;DR
This vulnerability in the XWiki Jetty package (XJetty) exposes a context that allows static, unauthenticated access to any file in the webapp/ folder. Attackers can potentially read sensitive files containing credentials. It affects XWiki instances that use the XJetty package within specific version ranges.
💻 Affected Systems
- XWiki with XJetty package
📦 What is this software?
Xwiki by Xwiki
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain access to configuration files containing database credentials, API keys, or other secrets, leading to complete system compromise.
Likely Case
Unauthorized access to sensitive files containing credentials or configuration data, potentially enabling further attacks.
If Mitigated
Limited impact if proper file permissions and access controls are in place, but still exposes directory structure.
🎯 Exploit Status
Exploitation appears straightforward - accessing specific context paths to retrieve files. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 16.10.11, 17.4.4, and 17.7.0
Vendor Advisory: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-53gx-j3p6-2rw9
Restart Required: Yes
Instructions:
1. Identify your XWiki version.
2. Upgrade to the fixed version for your branch: 16.10.11, 17.4.4, or 17.7.0.
3. Restart the XWiki service.
4. Verify the fix by checking the version and testing file access.
🔧 Temporary Workarounds
Remove sensitive files from webapp/
Move or remove any sensitive files containing credentials from the webapp/ directory
# Move sensitive files to a secure location outside the web root
mv /path/to/xwiki/webapp/*.properties /secure/location/
# Set restrictive permissions on the remaining regular files only
# (directories must keep their execute bit so Jetty can still traverse them)
find /path/to/xwiki/webapp -type f -exec chmod 600 {} +
Configure web server restrictions
Add access restrictions to prevent direct file access through the web server configuration
# Example for Apache .htaccess (Apache 2.2 syntax; on Apache 2.4 use "Require all denied" instead)
Order deny,allow
Deny from all
🧯 If You Can't Patch
- Implement strict network access controls to limit who can access the XWiki instance
- Monitor access logs for unusual file access patterns and implement file integrity monitoring
🔍 How to Verify
Check if Vulnerable:
Check whether you are running an affected XWiki version (from 16.7.0 up to, but not including, the fixed releases 16.10.11, 17.4.4 and 17.7.0) and whether the XJetty package is in use. Attempt to access files via the webapp context.
Check Version:
Check XWiki administration panel or view /xwiki/bin/view/Main/About
Verify Fix Applied:
After patching, verify version is 16.10.11, 17.4.4, or 17.7.0. Test that file access via webapp context is no longer possible.
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to webapp/ directory files
- Requests to context paths that shouldn't be accessible
- Multiple failed attempts followed by successful file access
Network Indicators:
- HTTP requests to paths containing 'webapp' or file extensions like .properties, .xml, .conf
SIEM Query:
source="xwiki_access.log" AND (uri="*webapp*" OR uri="*.properties" OR uri="*.xml" OR uri="*.conf") AND response=200
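The SIEM query above can be reproduced offline against raw access logs. The following Python script is an added example written for this page, not XWiki's or the advisory's own tooling: it parses Combined Log Format lines, applies the same filter as the query (a path containing "webapp" or ending in .properties/.xml/.conf, with a 200 response), and additionally implements the "multiple failed attempts followed by successful file access" indicator listed under Log Indicators. The log lines and IP addresses are constructed sample data, and the file paths in them are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample traffic in Combined Log Format (not real traffic; paths are hypothetical).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2025:12:00:01 +0000] "GET /xwiki/bin/view/Main/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2025:12:00:05 +0000] "GET /webapp/config/example.xml HTTP/1.1" 404 0 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2025:12:00:06 +0000] "GET /webapp/config/example.properties HTTP/1.1" 404 0 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2025:12:00:09 +0000] "GET /webapp/config/app.conf HTTP/1.1" 200 812 "-" "curl/8.0"
198.51.100.2 - - [10/Oct/2025:12:01:00 +0000] "GET /xwiki/resources/js/xwiki/xwiki.min.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2025:12:01:02 +0000] "GET /xwiki/bin/get/Main/WebHome?xpage=xml HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""

# Combined Log Format: ip ident user [timestamp] "METHOD uri PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# File extensions the page lists as network indicators.
SENSITIVE_EXT = (".properties", ".xml", ".conf")


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Match on the path only: a query string such as "?xpage=xml" is not a .xml file request.
    rec["path"] = rec["uri"].split("?", 1)[0]
    return rec


def is_suspicious_path(path):
    """Path-based filter equivalent to uri="*webapp*" OR uri="*.properties" OR uri="*.xml" OR uri="*.conf"."""
    return "webapp" in path or path.lower().endswith(SENSITIVE_EXT)


def find_hits(log_text):
    """Equivalent of the SIEM query: suspicious path AND response=200. Returns (ip, path) pairs."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 200 and is_suspicious_path(rec["path"]):
            hits.append((rec["ip"], rec["path"]))
    return hits


def find_probe_then_success(log_text, min_failures=2):
    """Flag client IPs that made at least min_failures non-200 requests for suspicious
    paths and then received a 200 for a suspicious path (probing followed by success)."""
    failures = defaultdict(int)
    flagged = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not is_suspicious_path(rec["path"]):
            continue
        if rec["status"] == 200:
            if failures[rec["ip"]] >= min_failures:
                flagged.append(rec["ip"])
            failures[rec["ip"]] = 0  # reset the streak after a success
        else:
            failures[rec["ip"]] += 1
    return flagged


if __name__ == "__main__":
    for ip, path in find_hits(SAMPLE_LOG):
        print(f"successful sensitive-file access: {ip} -> {path}")
    for ip in find_probe_then_success(SAMPLE_LOG):
        print(f"probing followed by success: {ip}")
```

Run against a real log with `find_hits(open("xwiki_access.log").read())`. The query-string stripping in `parse_line` matters in practice: XWiki's own URLs frequently carry parameters such as `xpage=xml`, so a naive substring match on the full URI would generate false positives that the path-only check avoids.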
🔗 References
- https://github.com/xwiki/xwiki-platform/commit/42fb063749dd88cc78196f72d7318b7179285ebd
- https://github.com/xwiki/xwiki-platform/commit/99a04a0e2143583f5154a43e02174155da7e8e10
- https://github.com/xwiki/xwiki-platform/compare/8b68d8a70b43f25391b3ee48477d7eb71b95cf4b...99a04a0e2143583f5154a43e02174155da7e8e10
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-53gx-j3p6-2rw9
- https://jira.xwiki.org/browse/XWIKI-23438