XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LXwiki Pro Macros
APPXwiki< 1.27.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
Related vulnerabilities
CVE-2025-55727CRITICAL10.0PL ✓ten sam produkt
XWiki Pro Macros: RCE przez brak escapowania parametru width w makro column
CVE-2025-55728CRITICAL10.0PL ✓ten sam produkt
RCE przez XWiki syntax injection w parametrze classes makra Panel
CVE-2024-42489CRITICAL10.0PL ✓ten sam produkt
RCE przez brak escapowania w makrze Viewpdf w XWiki Pro Macros
CVE-2025-65089MEDIUM6.8ten sam produkt
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Pr...
CVE-2025-24893CRITICAL9.8⚠ KEVPL ✓ten sam vendor
XWiki Platform — niezautoryzowany RCE przez endpoint SolrSearch