{"id":33985,"date":"2025-04-30T18:11:28","date_gmt":"2025-04-30T18:11:28","guid":{"rendered":""},"modified":"2025-05-10T18:19:09","modified_gmt":"2025-05-10T18:19:09","slug":"cve-2025-32968-vulnerability-in-xwiki-platform-allows-sql-injection","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-32968-vulnerability-in-xwiki-platform-allows-sql-injection\/","title":{"rendered":"CVE-2025-32968: Vulnerability in XWiki platform allows SQL Injection<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The Common Vulnerabilities and Exposures (CVE) system has recently reported an alarming vulnerability, CVE-2025-32968, within the XWiki platform. XWiki is a widely used wiki platform used by businesses and organizations across the globe for collaborative work, information sharing, and document management. The vulnerability lies within its versions<\/a> starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1. This vulnerability is significant because it allows for a blind SQL<\/a> injection that could potentially compromise the system and lead to data leakage.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-32968
\nSeverity: High (CVSS: 8.8)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: Required
\nImpact: System compromise<\/a>, data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n