CVE-2025-55727
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-17
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xwiki | pro_macros | From 1.0 (inc) to 1.26.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-95 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the XWiki Pro Macros package (listed above as xwiki / pro_macros), specifically in the column macro's 'width' parameter, which is not properly escaped. Because the parameter value is inserted directly into XWiki syntax without sanitization, anyone who can edit a page or reach the CKEditor converter can use it to inject arbitrary XWiki syntax, including Velocity code. The injected code is evaluated in the macro's own context, so if the macro was installed by a user with programming rights (the usual case, since extensions are normally installed by an administrator) or the attacker themselves holds wiki admin rights, the injection escalates to remote code execution. The root cause is improper neutralization of directives in dynamically evaluated code (CWE-94 / CWE-95): attacker-controlled input changes the syntax of markup that the wiki then evaluates. No user interaction is required, but the attacker does need edit access to some page or access to the CKEditor converter. [1]
How can this vulnerability impact me?
Successful exploitation can lead to complete compromise of the XWiki installation, affecting confidentiality, integrity, and availability: an attacker who reaches code execution can take control of the server process, read sensitive data, modify or delete wiki content, and disrupt service. It is exploitable remotely over the network and needs no user interaction; the only precondition is the ability to edit some page or to reach the CKEditor converter, which many wikis grant to every registered user. That combination of low barrier and full-system impact is what makes the issue critical. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no network-observable signature for this issue; detection is a matter of inventory plus, optionally, a controlled test. First, check the installed version of the XWiki Pro Macros extension in the wiki's Extension Manager: versions from 1.0 through 1.26.4 are affected, 1.26.5 and later are fixed. Second, on a non-production copy of the wiki, a proof of concept is to insert a column macro through the WYSIWYG editor (or via the CKEditor converter) with XWiki syntax or a Velocity or Groovy macro in the width parameter and observe whether it is rendered as syntax rather than as a literal width value (a Groovy macro only executes when the evaluating context has programming rights). Do not run this against production content, since a successful test executes code in the wiki. The source provides no specific commands beyond this. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to upgrade the XWiki Pro Macros extension to version 1.26.5 or later, which escapes the width parameter of the column macro so that its value can no longer be interpreted as XWiki syntax. If upgrading is not immediately possible, reduce exposure by restricting page edit rights and access to the CKEditor converter to trusted users until the upgrade is applied. [1, 2]
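The following is an added example, not code from the BaseFortify page or from the XWiki Pro Macros project, and it serves both the detection answer (version inventory) and the mitigation answer (what "escaping the parameter" protects against). It checks an installed version against the affected range from the table above, then shows the CWE-94/95 pattern in miniature: a stand-in macro that splices its width parameter verbatim into XWiki 2.1 group syntax (`(% style="..." %)(((...)))`), beside a hardened form that only accepts CSS-length values, plus a scanner for stored width values that carry syntax characters. The markup layout and the function names are assumptions chosen for illustration; the payload is constructed and deliberately benign.

```python
import re

# Affected range from the advisory table: from 1.0 (inclusive) to 1.26.5 (exclusive).
AFFECTED_MIN = (1, 0)
FIXED_VERSION = (1, 26, 5)


def parse_version(version: str) -> tuple:
    """Turn '1.26.4' into (1, 26, 4). A qualifier such as '-SNAPSHOT' is dropped."""
    core = re.split(r"[-+]", version.strip(), maxsplit=1)[0]
    return tuple(int(part) for part in core.split("."))


def is_affected_version(version: str) -> bool:
    """True when an installed Pro Macros version falls inside the affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_VERSION


# Illustrative stand-in (an assumption, not the Pro Macros source) for a macro that
# splices its 'width' parameter into XWiki 2.1 syntax: a group whose inline style
# carries the width. The value is inserted verbatim, which is the CWE-94/95 pattern.
def render_column_unsafe(width: str, body: str) -> str:
    return f'(% style="width:{width}" %)(((\n{body}\n)))'


# Hardened form: accept only values that look like a CSS length. Anything else is
# refused before it reaches the markup, so no XWiki syntax can be smuggled in.
WIDTH_RE = re.compile(r"\d{1,4}(\.\d{1,2})?(px|%|em|rem)")


def is_width_accepted(width: str) -> bool:
    return WIDTH_RE.fullmatch(width) is not None


def render_column_safe(width: str, body: str) -> str:
    if not is_width_accepted(width):
        raise ValueError(f"rejected width parameter: {width!r}")
    return f'(% style="width:{width}" %)(((\n{body}\n)))'


# Characters that have meaning in XWiki 2.1 syntax or Velocity once they land in
# the markup above: macro delimiters, Velocity references and directives, the '~'
# escape character, the closing quote and parameter-block terminator, and a newline.
SYNTAX_MARKERS = ("{{", "}}", "$", "#", "~", '"', "%)", "\n")


def looks_like_syntax_injection(width: str) -> bool:
    """Flag a stored width value that could only be there to alter the markup."""
    return any(marker in width for marker in SYNTAX_MARKERS)


if __name__ == "__main__":
    # Constructed payload: closes the style attribute and parameter block, then
    # opens a Velocity macro. Benign on purpose: $xcontext.user only yields a name.
    payload = '50%" %){{velocity}}$xcontext.user{{/velocity}}(% style="'
    print(render_column_unsafe(payload, "column text"))  # Velocity macro now sits in the markup
    print(looks_like_syntax_injection(payload))  # True
    print(is_width_accepted(payload), is_width_accepted("50%"))  # False True
    print(is_affected_version("1.26.4"), is_affected_version("1.26.5"))  # True False
```

The allowlist approach is shown here because the legitimate value space for a width is tiny and well defined; escaping the value for XWiki syntax, as the patched release does, is the alternative when a parameter must carry free text. The scanner is meant for a one-off sweep over exported page sources after an upgrade, to find column macros whose width was already tampered with before the fix.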