CVE-2025-55727
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-17

Assigner: GitHub, Inc.

Description
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for any user who can edit any page or who can access the CKEditor converter. The width parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution when the macro has been installed by a user with programming right, or it at least allows executing Velocity code as the wiki admin. Version 1.26.5 contains a patch for the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-09-17
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-55727
EUVD
EUVD-2025-27462
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
xwiki pro_macros From 1.0 (inc) to 1.26.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-95 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the XWiki Remote Macros package, specifically in the column macro's 'width' parameter, which is not properly escaped. Because the width parameter is used directly in XWiki syntax without sanitization, it allows an attacker who can edit any page or access the CKEditor converter to inject malicious XWiki syntax or Velocity code. This injection can lead to remote code execution, especially if the macro was installed by a user with programming rights or the attacker has wiki admin privileges. The flaw is due to improper neutralization of directives in dynamically evaluated code, enabling attackers to execute arbitrary code remotely without needing privileges or user interaction. [1]

Impact Analysis

Exploitation of this vulnerability can lead to complete compromise of the XWiki installation, affecting confidentiality, integrity, and availability. An attacker can execute arbitrary code remotely, potentially taking full control over the system, accessing sensitive data, modifying or deleting content, and disrupting service availability. The vulnerability requires no privileges or user interaction and can be exploited remotely over the network, making it highly critical. [1]

Detection Guidance

This vulnerability can be detected by attempting to inject code into the width parameter of the column macro in XWiki pages. A proof of concept involves inserting a column macro via the WYSIWYG editor or CKEditor converter and injecting Groovy or Velocity code in the width parameter to see if it executes and displays output. There are no specific network commands provided, but testing for the presence of the vulnerable macro version (1.0 up to 1.26.4) and attempting syntax injection in the width parameter can help detect it. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the XWiki Pro Macros package to version 1.26.5 or later, which contains a patch that properly escapes the width parameter in the column macro to prevent code injection. If upgrading is not immediately possible, avoid allowing untrusted users to edit pages or access the CKEditor converter, especially those without programming rights, to reduce the risk of exploitation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55727. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart