Is org.xwiki.platform:xwiki-platform-security-requiredrights-default affected by CVE-2025-32974?

Maven org.xwiki.platform:xwiki-platform-security-requiredrights-default is affected in >=15.9-rc-1 =16.0.0-rc-1 <16.2.0.

Is CVE-2025-32974 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

critical

CVE-2025-32974

Q: Is CVE-2025-32974 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

Maven · org.xwiki.platform:xwiki-platform-security-requiredrights-default

Summary

org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

Severity: critical
EPSS: 0.3% (p20)
Also known as: GHSA-mvgm-3rw2-7j4r
Published: 2025-04-29

References

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mvgm-3rw2-7j4r
https://nvd.nist.gov/vuln/detail/CVE-2025-32974
https://github.com/xwiki/xwiki-platform/commit/153dbfa2ef1a7a0a644fe3f889684c6a8738c5fc

Related advisories

CVE-2025-49585 — high · Maven/org.xwiki.platform:xwiki-platform-security-requiredrights-default
CVE-2025-49582 — high · Maven/org.xwiki.platform:xwiki-platform-security-requiredrights-default

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.