
CVE-2025-49594: XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view

N/A

CVSS Score

Basic Information

EPSS Score: -
Published: 10/6/2025
Updated: 10/6/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
-
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| org.xwiki.contrib.oidc:oidc-authenticator | maven | >= 2.17.1, < 2.18.2 | 2.18.2 |

Vulnerability Intelligence
Root Cause Analysis: In progress


### Impact

Anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it allows authentication with any user (since users are very commonly viewable, at least to ot

Reasoning

No analysis available