CVE-2025-27604

{"id": "CVE-2025-27604", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-07T17:15:22.290", "references": [{"url": "https://github.com/xwikisas/application-confluence-migrator-pro/commit/6ced42b1f341fd0ce6734fc58c7d694da5f365fb", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-3w9f-2pph-j5vc", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fixed in 1.11.7."}, {"lang": "es", "value": "XWiki Confluence Migrator Pro ayuda a los administradores a importar paquetes de Confluence a su instancia de XWiki. La p\u00e1gina de inicio de la aplicaci\u00f3n es p\u00fablica, lo que permite que un invitado descargue el paquete que podr\u00eda contener informaci\u00f3n confidencial. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.11.7."}], "lastModified": "2025-03-13T14:40:27.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:confluence_migrator:*:*:*:*:pro:xwiki:*:*", "vulnerable": true, "matchCriteriaId": "C80FC532-BB0A-4403-8EC6-59E4FB2BF4D5", "versionEndExcluding": "1.11.7"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}