cvedb.io
CVE-2025-66473
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-12-10T22:16:27.850 · Last modified 2026-06-17T09:56:53.877

Summary

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of pages in the wiki and the memory configuration, this can lead to slowness and unavailability of the wiki. As an example, the /rest/wikis/xwiki/spaces resource returns all spaces on the wiki by default, which are basically all pages. This issue is fixed in versions 17.4.4 and 16.10.11.

Affected products

xwiki — xwiki

Does this affect you?

Add your gear to cvedb and we'll alert you only when xwiki ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.