HIGH🇵🇱 Wersja polska

CVE-2025-65036

CVSS 8.3v3.1pub. 2025-12-05upd. 2026-02-20

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
  • Xwiki Pro Macros

    APP
    Xwiki
    < 1.27.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-55727CRITICAL10.0PL ✓ten sam produkt

XWiki Pro Macros: RCE przez brak escapowania parametru width w makro column

CVE-2025-55728CRITICAL10.0PL ✓ten sam produkt

RCE przez XWiki syntax injection w parametrze classes makra Panel

CVE-2024-42489CRITICAL10.0PL ✓ten sam produkt

RCE przez brak escapowania w makrze Viewpdf w XWiki Pro Macros

CVE-2025-65089MEDIUM6.8ten sam produkt

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Pr...

CVE-2025-24893CRITICAL9.8⚠ KEVPL ✓ten sam vendor

XWiki Platform — niezautoryzowany RCE przez endpoint SolrSearch