CVE-2025-53836
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-08-26
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xwiki | xwiki | From 4.3 (inc) to 13.10.11 (exc) |
| xwiki | xwiki | From 14.0 (inc) to 14.4.7 (exc) |
| xwiki | xwiki | From 14.5 (inc) to 14.10 (exc) |
| xwiki | xwiki | 4.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in XWiki Rendering occurs because the default macro content parser does not preserve the 'restricted' attribute of the transformation context when executing nested macros. As a result, macros that should be forbidden in restricted mode, such as script macros, can be executed. This allows an attacker to run macros that normally require higher privileges within contexts like comments, leading to unauthorized code execution. [2, 1]
How can this vulnerability impact me?
The vulnerability can lead to remote code execution by allowing attackers to execute forbidden macros, such as script macros, within restricted contexts like comments. This results in privilege escalation from comment rights to programming rights, enabling attackers to run arbitrary code remotely. This can compromise confidentiality, integrity, and availability of the system. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if your XWiki rendering engine is running a vulnerable version of the macro content parser, specifically versions from 4.2-milestone-1 up to but not including 13.10.11, 14.0 up to but not including 14.4.7, and 14.5 up to but not including 14.10. You can check the version of your XWiki rendering module to determine if it is affected. Additionally, you can look for suspicious macro usage in comments, such as nested macros that include script macros (e.g., {{cache}}{{groovy}}...{{/groovy}}{{/cache}}), which could indicate exploitation attempts. There are no specific network or system commands provided in the resources to detect exploitation directly. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate workaround is to disable comments for untrusted users, which prevents exploitation via malicious macros embedded in comments; note, however, that users with edit rights can still add comments through the object editor even when comments are disabled. The definitive fix is to upgrade to a patched version of XWiki Rendering: 13.10.11, 14.4.7, or 14.10. [2]
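As an added example (not code from BaseFortify or the XWiki project), the following Python checks an XWiki Rendering version against the affected ranges listed on this page and scans comment text for a script macro nested inside another macro, the pattern the detection answer above describes. The set of script macro names and the sample comments are assumptions.

```python
import re
from typing import List, Tuple

# Affected ranges from this page: lower bound inclusive, upper bound exclusive.
AFFECTED_RANGES = [
    ((4, 2, 0), (13, 10, 11)),
    ((14, 0, 0), (14, 4, 7)),
    ((14, 5, 0), (14, 10, 0)),
]

# Assumption: these XWiki macros execute code and are forbidden in restricted mode.
SCRIPT_MACROS = {"groovy", "velocity", "python", "php"}

# Matches {{name params}}, {{/name}} and self-closing {{name params/}} tags.
MACRO_TAG = re.compile(r"\{\{(/?)([A-Za-z_][\w-]*)([^}]*?)(/?)\}\}")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '14.4.7' or '13.10.11-rc-1' into a comparable 3-tuple of ints."""
    core = version.split("-")[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version: str) -> bool:
    """True if the version falls inside any affected range listed on the page."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def find_nested_script_macros(content: str) -> List[Tuple[str, str]]:
    """Return (outer_macro, script_macro) pairs for script macros nested in another macro."""
    stack: List[str] = []  # currently open macro names, outermost first
    hits: List[Tuple[str, str]] = []
    for m in MACRO_TAG.finditer(content):
        closing, name, _params, self_closing = m.groups()
        name = name.lower()
        if closing:
            while stack and stack.pop() != name:  # unwind to the matching opener
                pass
            continue
        if name in SCRIPT_MACROS and stack:
            hits.append((stack[-1], name))
        if not self_closing:
            stack.append(name)
    return hits


# Constructed sample comments: the second mirrors the nested pattern the page cites.
SAMPLE_COMMENTS = [
    "Nice page!",
    "{{cache}}{{groovy}}println 'hi'{{/groovy}}{{/cache}}",
    "{{info}}See {{code language='java'}}x{{/code}}{{/info}}",
]
```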