CVE-2025-52472: 
Java vulnerability analysis and mitigation

CVE-2025-52472 affects XWiki Platform, a generic wiki platform offering runtime services for applications. The vulnerability exists from version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The issue involves an HQL injection vulnerability in the REST search URL via the orderField parameter (GitHub Advisory).

The vulnerability allows HQL injection through the REST search URL's orderField parameter. The specified value is added twice in the query - once in the field list for the select and once in the order clause. While exploitation is complex, the part of the query between the two fields can be enclosed in single quotes to effectively remove them, though the query still needs to remain valid with the query appearing twice. The vulnerability has been assigned a CVSS v4.0 score of 9.3 (Critical) with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (GitHub Advisory).

The vulnerability could potentially allow attackers to execute arbitrary HQL queries, which could lead to unauthorized access to data, data manipulation, or other security compromises. The CVSS score indicates high potential impact on confidentiality, integrity, and availability of the vulnerable system (GitHub Advisory).

The vulnerability has been patched in versions 17.5.0, 17.4.2, and 16.10.9. There are no known workarounds other than upgrading to a patched version of XWiki (GitHub Advisory).