CVE-2025-27604: XWiki Confluence Migrator Pro's homepage is public

7.5 CVSS

Description

XWiki Confluence Migrator Pro helps admins import Confluence packages into their XWiki instance. The homepage of the application is public, which enables a guest to download the package, which might contain sensitive information. This vulnerability is fixed in 1.11.7.

Classification

CVE ID: CVE-2025-27604

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Affected Products

Vendor: xwikisas

Product: application-confluence-migrator-pro

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 11.6% (share of scored vulnerabilities with an equal or lower score)

EPSS Date: 2025-04-05 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-27604
https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-3w9f-2pph-j5vc
https://github.com/xwikisas/application-confluence-migrator-pro/commit/6ced42b1f341fd0ce6734fc58c7d694da5f365fb

Timeline