Cyber Resilience

CVE-2025-27604

Severity: High
Published: 07 March 2025
Modified: 13 March 2025
KEV Added: not listed
Patch: available (fixed in 1.11.7)
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0059 (69.7th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27604 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Xwiki Confluence Migrator. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Information Repositories: Confluence (T1213.001). The CVE ranks in the top 30.3% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-22 (Publicly Accessible Content).

Deeper analysis

CVE-2025-27604 is a vulnerability in the XWiki Confluence Migrator Pro application, which helps administrators import Confluence packages into XWiki instances. The issue arises because the application's homepage is publicly accessible, enabling unauthenticated guests to download packages that may contain sensitive information. This flaw, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and was published on 2025-03-07.

Any unauthenticated attacker with network access to the application can exploit this vulnerability; attack complexity is low and no user interaction is required. Exploitation allows the attacker to download Confluence packages from the public homepage, potentially exposing the sensitive data contained in them, which is why the confidentiality impact is rated high while integrity and availability are unaffected.

The vulnerability is fixed in version 1.11.7 of XWiki Confluence Migrator Pro. Mitigation details are available in the GitHub security advisory at https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-3w9f-2pph-j5vc and the corresponding fixing commit at https://github.com/xwikisas/application-confluence-migrator-pro/commit/6ced42b1f341fd0ce6734fc58c7d694da5f365fb.

Vulnerability details

XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fixed in 1.11.7.

CWE(s)

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1213.001 Data from Information Repositories: Confluence (tactic: Collection)
Why these techniques?

The vulnerability publicly exposes Confluence packages (potentially containing sensitive data) via the unauthenticated homepage of the Confluence Migrator Pro app, directly enabling adversaries to collect data from Confluence information repositories.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-51846 (same vendor: Xwiki)
CVE-2025-24893 (same vendor: Xwiki)
CVE-2025-53835 (same vendor: Xwiki)
CVE-2025-53836 (same vendor: Xwiki)
CVE-2026-33229 (same vendor: Xwiki)
CVE-2025-55747 (same vendor: Xwiki)
CVE-2025-23025 (same vendor: Xwiki)
CVE-2025-51991 (same vendor: Xwiki)
CVE-2025-65036 (same vendor: Xwiki)
CVE-2025-66024 (same vendor: Xwiki)

Affected Assets

Vendor: xwiki
Product: confluence migrator
Versions: ≤ 1.11.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI-generated mapping)

prevent: AC-22 (Publicly Accessible Content). Directly requires review and approval of publicly accessible content to ensure sensitive packages are not exposed on the application's homepage to unauthenticated guests.

prevent: Implements protections for information accessible from public web servers, preventing unauthorized downloads of sensitive Confluence packages.

prevent: AC-14 (Permitted Actions Without Identification or Authentication). Limits actions permitted without identification or authentication, blocking guest access to sensitive package downloads on the public homepage.

References

GitHub security advisory: https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-3w9f-2pph-j5vc
Fixing commit: https://github.com/xwikisas/application-confluence-migrator-pro/commit/6ced42b1f341fd0ce6734fc58c7d694da5f365fb