How severe is CVE-2025-32783?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2025-32783?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2025-32783 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting "Prevent unregistered users to view pages" in the Administrations Rights. The vulnerability is that any message sent in a subwiki to "everyone" is actually sent to the farm: any visitor of the main wiki will be able to see that message through the Dashboard, even if the subwiki is configured to be private. This issue will not be patched as Message Stream has been deprecated in XWiki 16.8.0RC1 and is not maintained anymore. A workaround for this issue involves keeping Message Stream disabled by default. It's advised to keep it disabled from Administration > Social > Message Stream.

Related Vulnerabilities

CVE-2019-10365

MEDIUM

CVSS:4.3(Medium)

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permi...

CWE-6682019

CVE-2019-16518

MEDIUM

CVSS:4.3(Medium)

An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energ...

CWE-6682019

CVE-2020-26086

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an ...

CWE-6682020

CVE-2020-4989

MEDIUM

CVSS:4.3(Medium)

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM...

CWE-6682020

CVE-2020-6442

MEDIUM

CVSS:4.3(Medium)

Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-6682020

CVE-2020-6490

MEDIUM

CVSS:4.3(Medium)

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.

CWE-6682020