XWiki-Platform - Path Traversal (CVE-2025-55748)

CVE-2025-55748 is a critical vulnerability in XWiki Platform versions 4.2-milestone-2 through 16.10.6 that allows unauthenticated attackers to access sensitive configuration files via specially crafted URLs targeting jsx and sx endpoints. Exploiting this flaw could expose confidential settings and credentials, potentially leading to further compromise of the affected system.

CrowdSec has been tracking this vulnerability and its exploits since 29th of October 2025.

CrowdSec network observations suggest that most exploitation of CVE-2025-55748 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. Data from the CrowdSec community also indicates a gradual decrease in attacks targeting CVE-2025-55748. While still present in the wild, exploitation levels have dropped noticeably week-over-week. This may signal that the vulnerability is becoming less relevant or that defenses are improving fast enough for attackers to lose interest.

Attackers exploit the /bin/ssx/Main/WebHome endpoint with a resource parameter containing path traversal sequences (e.g., ../../WEB-INF/xwiki.cfg) to read sensitive configuration files from vulnerable XWiki Platform instances.