CVE-2025-55729
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-11

Assigner: GitHub, Inc.

Description
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execution for any user who can edit any page The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 has a fix for the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-09-11
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-14
NVD
CVE-2025-55729
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
xwiki xwiki_pro_macros *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-116 The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the XWiki Remote Macros, specifically in the ConfluenceLayoutSection macro. It occurs because the macro does not properly escape the 'ac:type' attribute in the 'classes' parameter, which is processed as XWiki syntax without escaping. This allows an attacker who can edit any page to inject malicious XWiki syntax, leading to remote code execution on the affected system. The issue was fixed in version 1.26.5 by properly escaping the input to prevent injection. [1, 2]

Impact Analysis

This vulnerability can have severe impacts including remote code execution by an attacker with edit permissions on any page. It allows the attacker to execute arbitrary code remotely, which can lead to full compromise of the system's confidentiality, integrity, and availability. This means an attacker could disclose sensitive data, modify or delete data, and disrupt services completely. [2]

Detection Guidance

This vulnerability can be detected by checking if your XWiki Pro Macros package version is between 1.0 and prior to 1.26.5, as these versions are vulnerable. Additionally, you can look for the presence of malicious payloads in the 'classes' parameter of the ConfluenceLayoutSection macro, such as XWiki syntax injections or Groovy code snippets like '{{groovy}}...{{/groovy}}'. There is no specific network command provided, but inspecting page content or macro parameters for suspicious code injections is recommended. [2]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the XWiki Pro Macros package to version 1.26.5 or later, where the issue has been fixed by properly escaping the 'ac:type' parameter in the ConfluenceLayoutSection macro. This fix prevents unsafe content rendering and remote code execution. Until the upgrade, restrict edit permissions to trusted users only to reduce the risk of exploitation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55729. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart