CVE-2025-49582
BaseFortify
Publication date: 2025-06-13
Last updated on: 2025-09-03
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xwiki | xwiki | From 15.9 (inc) to 16.4.7 (exc) |
| xwiki | xwiki | From 16.5.0 (inc) to 16.10.3 (exc) |
| xwiki | xwiki | 17.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-357 | The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49582 is a high-severity vulnerability in the XWiki platform caused by incomplete and insufficiently robust required rights analyzers, the checks that warn a user about potentially dangerous content such as script macros before it is executed. The analyzers fail to consider macro parameters whose names are not lowercase, and they do not analyze many parameters that can contain XWiki syntax, such as the titles of information boxes or the "source" parameter of the content and context macros. This allows an attacker with low privileges to hide malicious content, including script macros written in Groovy or Python, which is executed when a user with programming rights edits the page, potentially leading to remote code execution. The vulnerability was fixed by enhancing and extending the required rights analyzers to cover these previously unconsidered cases. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker with low privileges to inject malicious script macros into XWiki pages by exploiting gaps in the required rights analyzers. When a user with programming rights later edits the affected page, the malicious scripts (including Groovy or Python macros) may be executed, leading to remote code execution. This can compromise the confidentiality, integrity, and availability of the system, potentially allowing unauthorized access, data manipulation, or disruption of services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is related to incomplete required rights analysis of XWiki macros, which allows malicious script macros to be hidden and later executed. Detection involves inspecting XWiki pages for dangerous macros, especially those with non-lowercase parameter names or with parameters the analyzers did not inspect, such as 'source' in the content and context macros. Since this is a platform-level issue, detection on the network or system requires auditing XWiki content for suspicious macros or parameters; there are no specific network commands for detecting this vulnerability. Instead, administrators should review macro usage in XWiki pages, focusing on script macros (Groovy, Python) authored by users with low privileges, and verify whether the XWiki version is vulnerable (versions >= 15.9-rc-1 and < 16.4.7, >= 16.5.0-rc-1 and < 16.10.3, and >= 17.0.0-rc-1 and < 17.0.0). [1]
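A constructed audit script for the content review described above (an added example, not BaseFortify's or XWiki's own tooling): it scans one XWiki page body written in 2.x macro syntax and flags script macros, non-lowercase parameter names, wiki syntax inside parameter values (recursing into them so a script macro hidden in an info-box title is reported), and content/context macros carrying a source parameter. The macro watch-lists and the sample page are assumptions.

```python
import re

# Constructed watch-lists for this audit, not an exhaustive XWiki macro inventory:
# script macros execute code; content/context macros take a "source" parameter.
SCRIPT_MACROS = {"groovy", "python", "velocity", "script"}
SOURCE_MACROS = {"content", "context"}

# XWiki 2.x macro syntax: {{name p="v" q='v'}}...{{/name}} or {{name /}}.
# Quoted parameter values may contain "}}", so they are consumed as a unit;
# closing tags never match because the name must start with a letter.
MACRO_OPEN = re.compile(r"\{\{([A-Za-z][\w\-]*)((?:\"[^\"]*\"|'[^']*'|[^}])*?)\s*/?\}\}")
PARAM = re.compile(r"([^\s=\"']+)\s*=\s*(?:\"([^\"]*)\"|'([^']*)'|(\S+))")


def parse_params(raw):
    """Return {name: value} for a macro's parameter string (quote escapes not handled)."""
    params = {}
    for m in PARAM.finditer(raw):
        name, dq, sq, bare = m.groups()
        params[name] = dq if dq is not None else (sq if sq is not None else bare)
    return params


def audit_page(text):
    """Return (macro, issue) findings for one page body, recursing into parameter values."""
    findings = []
    for m in MACRO_OPEN.finditer(text):
        name, params = m.group(1), parse_params(m.group(2))
        if name.lower() in SCRIPT_MACROS:
            findings.append((name, "script macro present"))
        for key, value in params.items():
            if key != key.lower():
                findings.append((name, f"non-lowercase parameter '{key}'"))
            if "{{" in value:
                findings.append((name, f"wiki syntax inside parameter '{key}'"))
                findings.extend(audit_page(value))  # report what the value hides
        if name.lower() in SOURCE_MACROS and any(k.lower() == "source" for k in params):
            findings.append((name, "content/context macro with a 'source' parameter"))
    return findings


# Constructed sample page body (not real XWiki content): a script macro hidden in
# a non-lowercase info-box title and another inside a content macro's source.
SAMPLE_PAGE = """
{{info Title="{{groovy}}println 'hidden'{{/groovy}}"}}Looks harmless.{{/info}}
{{content source="{{python}}print('x'){{/python}}"/}}
{{toc/}}
"""
```

Running `audit_page(SAMPLE_PAGE)` yields six findings, including the hidden groovy and python macros; a page containing only `{{toc/}}` and a lowercase, plain-text info box yields none.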
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the XWiki platform to a patched version where the vulnerability is fixed: versions 16.4.7, 16.10.3, or 17.0.0 or later. These versions include enhanced and extended required rights analyzers that properly analyze macro parameters, including non-lowercase and wiki syntax parameters, and the 'source' parameter of content and context macros. Additionally, exercise caution when editing content authored by untrusted users, especially those with low privileges, to avoid executing malicious script macros. No known workarounds exist other than upgrading and careful content management. [1]