CRITICAL🇵🇱 Wersja polska

CVE-2025-55727

CVSS 10.0v3.1pub. 2025-09-09upd. 2025-09-17

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for any user who can edit any page or who can access the CKEditor converter. The width parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution when the macro has been installed by a user with programming right, or it at least allows executing Velocity code as the wiki admin. Version 1.26.5 contains a patch for the issue.

🤖 AI Analysis
How it works

The width parameter in the column macro is embedded in XWiki syntax without proper escaping, which allows XWiki syntax injection. An attacker can inject arbitrary XWiki code, and as a result — if the extension is installed by a user with programming rights — achieve full remote code execution. In a less privileged scenario, execution of Velocity code with wiki administrator privileges is possible. The vulnerability is accessible to any user who can edit any page or use the CKEditor converter.

Impact

An attacker can achieve remote code execution (RCE) on the server side, or at least execute Velocity code with administrator privileges, which in practice means full takeover of the XWiki instance.

Mitigation & patch

XWiki Pro Macros should be updated to version 1.26.5, which contains an official patch for this vulnerability.

Who is affected

XWiki Pro Macros in versions from 1.0 to earlier than 1.26.5

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Xwiki Pro Macros

    APP
    Xwiki
    1.0 – 1.26.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-55728CRITICAL10.0PL ✓ten sam produkt

RCE przez XWiki syntax injection w parametrze classes makra Panel

CVE-2024-42489CRITICAL10.0PL ✓ten sam produkt

RCE przez brak escapowania w makrze Viewpdf w XWiki Pro Macros

CVE-2025-65036HIGH8.3ten sam produkt

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Pr...

CVE-2025-65089MEDIUM6.8ten sam produkt

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Pr...

CVE-2025-24893CRITICAL9.8⚠ KEVPL ✓ten sam vendor

XWiki Platform — niezautoryzowany RCE przez endpoint SolrSearch