Is org.xwiki.platform:xwiki-platform-distribution-war affected by CVE-2025-32429?

Maven org.xwiki.platform:xwiki-platform-distribution-war is affected in >=9.4-rc-1 =17.0.0-rc-1 <17.3.0-rc-1.

Is CVE-2025-32429 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 84.6%.

critical

CVE-2025-32429

Q: Is CVE-2025-32429 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 84.6%.

Maven · org.xwiki.platform:xwiki-platform-distribution-war

Summary

XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter

Severity: critical
EPSS: 84.6% (p100)
Also known as: GHSA-vr59-gm53-v7cq
Published: 2025-07-24

References

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vr59-gm53-v7cq
https://nvd.nist.gov/vuln/detail/CVE-2025-32429
https://github.com/xwiki/xwiki-platform/commit/dfd0744e9c18d24ac66a0d261dc6cafd1c209101

Related advisories

CVE-2024-55663 — high · Maven/org.xwiki.platform:xwiki-platform-distribution-war
CVE-2024-21651 — high · Maven/org.xwiki.platform:xwiki-platform-distribution-war

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.