CVE-2025-65090 — MEDIUM (5.3)

Q: How severe is CVE-2025-65090?

CVE-2025-65090 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-65090?

Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Full Calendar Macro.

Vulnerability Description

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the data leak vulnerability by accessing database info, with the exception of passwords. This issue has been patched in version 2.4.6.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Xwiki	Full Calendar Macro	< 2.4.6

Related Weaknesses (CWE)

CWE-200

References

https://github.com/xwiki-contrib/macro-fullcalendar/commit/25bc14c181c9a92f493b2Patch
https://github.com/xwiki-contrib/macro-fullcalendar/security/advisories/GHSA-637Third Party Advisory
https://jira.xwiki.org/browse/FULLCAL-82Permissions Required

FAQ

What is CVE-2025-65090?

CVE-2025-65090 is a vulnerability with a CVSS score of 5.3 (MEDIUM). XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the da...

How severe is CVE-2025-65090?

CVE-2025-65090 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-65090?

Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Full Calendar Macro.