Vulnerability DatabaseCVE-2025-48885
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-48885
May 30, 2025
application-urlshortener create shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user (even guests) can create these docs, even if they don't exist already. This can enable guest users to denature the structure of wiki pages, by creating 1000's of pages with random name, that then become very difficult to handle by admins. Version 1.2.4 fixes the issue. No known workarounds are available.
Affected Packages
https://github.com/xwikisas/application-urlshortener.git (GITHUB):
Affected version(s) >=application-urlshortener-1.0 <application-urlshortener-1.2.4
Fix Suggestion:
Update to version application-urlshortener-1.2.4
Related ResourcesĀ (2)
https://github.com/xwikisas/application-urlshortener/commit/f121a9c973fd25948e82efcb6289d53fe00a9e7d
https://github.com/xwikisas/application-urlshortener/security/advisories/GHSA-c57g-9v2r-w8v3
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
POC
CVSS v3
Base Score:
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE
Weakness Type (CWE)
Cross-Site Request Forgery (CSRF)
CWE-352
EPSS
Base Score:
0.03