XWiki OIDC Authenticator vulnerable to creation of token for any...

9.2 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it allows authentication with any user (since users are very commonly viewable, at least to other registered users). Version 2.18.2 contains a patch. As a workaround, disable token access.

Basic Information

ID CVE-2025-49594

Source GitHub_M

Published Oct 6, 2025 at 14:48

Modified Oct 6, 2025 at 14:56

Affected Product

Vendor xwiki-contrib

Product oidc

Version >= 2.17.1, < 2.18.2

Affected Versions xwiki-contrib oidc >= 2.17.1, < 2.18.2

CWE Classification

CWE-285

References

{
    "lastseen": "",
    "description": "XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it allows authentication with any user (since users are very commonly viewable, at least to other registered users). Version 2.18.2 contains a patch. As a workaround, disable token access.",
    "published": "2025-10-06T14:48:43.609Z",
    "modified": "2025-10-06T14:56:23.000Z",
    "type": "cve",
    "title": "XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right",
    "source": "GitHub_M",
    "references": "https://github.com/xwiki-contrib/oidc/security/advisories/GHSA-f2hf-pfrj-vrm7\nhttps://github.com/xwiki-contrib/oidc/commit/d90d717172283aaa96bb5bb44e357f910ae64adb\nhttps://jira.xwiki.org/browse/OIDC-240",
    "id": "CVE-2025-49594",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "xwiki-contrib oidc >= 2.17.1, < 2.18.2",
    "sourceHref": "",
    "cvss": {
        "score": 9.2,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "oidc",
    "version": ">= 2.17.1, < 2.18.2",
    "vendor": "xwiki-contrib",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right_CVE-2025-49594