ByteOS Network

CVE Vulnerability Details :

CVE-2025-54990

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-18 Nov, 2025 | 22:13

Updated At-19 Nov, 2025 | 21:03

▼CVE Numbering Authority (CNA)

XWiki AdminTools application doesn't set permissions on the AdminTools space

XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin users, the page is still accessible. This issue has been patched in version 1.1. A workaround involves setting the view rights for the AdminTools space to be only available for the XWikiAdminGroup.

Affected Products

Vendor

XWiki SAS

Product

application-admintools

Versions

Affected

< 1.1

Problem Types

Type	CWE ID	Description
CWE	CWE-276	CWE-276: Incorrect Default Permissions

Type: CWE

CWE ID: CWE-276

Description: CWE-276: Incorrect Default Permissions

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

Hyperlink	Resource
https://github.com/xwikisas/application-admintools/security/advisories/GHSA-v7r8-8p5c-h4xw	x_refsource_CONFIRM

Hyperlink: https://github.com/xwikisas/application-admintools/security/advisories/GHSA-v7r8-8p5c-h4xw

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References