XWiki-Platform - Improper Access Control (CVE-2025-55749)

CVE-2025-55749 is a high-severity vulnerability in XWiki's Jetty package (XJetty) that allows unauthenticated attackers to statically access any file within the webapp/ directory, including files that may contain sensitive credentials. This flaw could be exploited remotely to steal confidential information, potentially leading to further compromise of the affected XWiki instance.

CrowdSec has been tracking this vulnerability and its exploits since 7th of January 2026.

CrowdSec network observations suggest that most exploitation of CVE-2025-55749 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2025-55749 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2025-55749 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit this vulnerability by sending requests to URLs containing /webapps/xwiki/WEB-INF/xwiki.properties to access sensitive configuration files within the XWiki web application. This targets deployments using the XJetty package and can lead to information disclosure.