Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.10.3
Type maven
Namespace org.xwiki.platform
Name xwiki-platform-oldcore
Version 16.10.3
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 16.10.5
Latest_non_vulnerable_version 17.10.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4n2t-crsf-87gr
vulnerability_id VCID-4n2t-crsf-87gr
summary
XWiki allows remote code execution through preview of XClass changes in AWM editor
### Impact
Any XWiki user with edit right on at least one App Within Minutes application (the default for all XWiki users) can obtain programming right/perform remote code execution by editing the application. The detailed reproduction steps can be found in the [original bug report](https://jira.xwiki.org/browse/XWIKI-22719).

### Patches
This vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3.

### Workarounds
Restricting edit rights on all existing App Within Minutes applications to trusted users mitigates at least the PoC exploit, but we can't exclude that there are other ways to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49586
reference_id
reference_type
scores
0
value 0.04551
scoring_system epss
scoring_elements 0.89162
published_at 2026-04-04T12:55:00Z
1
value 0.04551
scoring_system epss
scoring_elements 0.89147
published_at 2026-04-02T12:55:00Z
2
value 0.04551
scoring_system epss
scoring_elements 0.89182
published_at 2026-04-08T12:55:00Z
3
value 0.04551
scoring_system epss
scoring_elements 0.89165
published_at 2026-04-07T12:55:00Z
4
value 0.09249
scoring_system epss
scoring_elements 0.92725
published_at 2026-04-13T12:55:00Z
5
value 0.09249
scoring_system epss
scoring_elements 0.9272
published_at 2026-04-09T12:55:00Z
6
value 0.09249
scoring_system epss
scoring_elements 0.92726
published_at 2026-04-11T12:55:00Z
7
value 0.09249
scoring_system epss
scoring_elements 0.92743
published_at 2026-04-24T12:55:00Z
8
value 0.09249
scoring_system epss
scoring_elements 0.9274
published_at 2026-04-21T12:55:00Z
9
value 0.09249
scoring_system epss
scoring_elements 0.92736
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49586
1
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform
2
reference_url https://github.com/xwiki/xwiki-platform/commit/ef978315649cf83eae396021bb33603a1a5f7e42
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-13T18:07:25Z/
url https://github.com/xwiki/xwiki-platform/commit/ef978315649cf83eae396021bb33603a1a5f7e42
3
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jp4x-w9cj-97q7
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-13T18:07:25Z/
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jp4x-w9cj-97q7
4
reference_url https://jira.xwiki.org/browse/XWIKI-22719
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-13T18:07:25Z/
url https://jira.xwiki.org/browse/XWIKI-22719
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49586
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49586
6
reference_url https://github.com/advisories/GHSA-jp4x-w9cj-97q7
reference_id GHSA-jp4x-w9cj-97q7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jp4x-w9cj-97q7
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.4.7
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.4.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.4.7
1
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.10.3
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.10.3
2
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@17.0.0
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@17.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@17.0.0
aliases CVE-2025-49586, GHSA-jp4x-w9cj-97q7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4n2t-crsf-87gr
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.10.3