CVE-2025-32970
org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability
描述
### Impact An open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that redirect to any URL. To reproduce, open `<xwiki-host>/xwiki/bin/view/Main/?foo=bar&foo_syntax=invalid&RequiresHTMLConversion=foo&xerror=https://www.example.com/` where `<xwiki-host>` is the URL of your XWiki installation. ### Patches This bug has been fixed in XWiki 15.10.13, 16.4.4 and 16.8.0 by validating the domain of the redirect URL against the configured safe domains and the current request's domain. ### Workarounds A web application firewall could be configured to reject requests with the `xerror` parameter as from our analysis this parameter isn't used anymore. For requests with the `RequiresHTMLConversion` parameter set, the referrer URL should be checked if it points to the XWiki installation. Apart from that, we're not aware of any workarounds.
如何修補 CVE-2025-32970
要修補 CVE-2025-32970,請將受影響套件升級到下列已修補版本。
- —升級至 15.10.13 或更新版本
CVE-2025-32970 正在被利用嗎?
低 — EPSS 為 0.1%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- >= 13.5-rc-1, < 15.10.13
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |