CVE-2025-55729
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-11
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xwiki | xwiki_pro_macros | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-116 | The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the XWiki Pro Macros package, specifically in the ConfluenceLayoutSection macro. The macro takes the value of its 'ac:type' attribute and places it in the 'classes' parameter of the XWiki syntax it produces without escaping it, so the value is interpreted as XWiki syntax rather than as plain text. An attacker who can edit any page can therefore supply an 'ac:type' value that injects XWiki syntax of their own (for example a Groovy script macro), which leads to remote code execution on the server. The issue is fixed in version 1.26.5, which escapes the value before inserting it. [1, 2]
How can this vulnerability impact me?
The impact is severe: an attacker with edit rights on any page can achieve remote code execution on the server hosting the wiki. That allows arbitrary code to run in the context of the XWiki process and can lead to full compromise of confidentiality, integrity, and availability, meaning the attacker could read sensitive data, modify or delete data, and disrupt the service entirely. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Check the installed version of the XWiki Pro Macros package: every release before 1.26.5 is vulnerable. In addition, review page content for ConfluenceLayoutSection macro invocations whose 'ac:type' value (and hence the derived 'classes' parameter) contains XWiki macro syntax, such as a Groovy snippet '{{groovy}}...{{/groovy}}'. The advisory provides no specific network command; inspecting page content and macro parameters for injected syntax is the recommended check. [2]
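The following Python script is an added example, not code from BaseFortify, XWiki, or the advisory. It illustrates the two points above in one place: the bug pattern (an unescaped value concatenated into macro syntax, beside an escaped form) and the review check (a version comparison plus a quote-aware scan of page content for ConfluenceLayoutSection invocations carrying macro syntax in their parameters). Assumptions not taken from the page: the macro is written in XWiki syntax as `{{confluenceLayoutSection ...}}` (matching ignores case, `_` and `-`), `~` is the escape character inside quoted parameter values as in XWiki 2.x syntax, the inner `layout-section` macro name in the build functions is a placeholder for whatever the real macro generates, and the sample page content is constructed.

```python
"""Added example (not BaseFortify's or XWiki's code).

Demonstrates the unsafe vs. escaped construction of a macro parameter and a
heuristic scanner for injected macro syntax, plus a version check for the
XWiki Pro Macros fix. Assumed: '{{confluenceLayoutSection ...}}' syntax, '~'
as the escape character in quoted parameter values (XWiki 2.x rule), and a
placeholder inner macro name 'layout-section'. Sample content is constructed.
"""
import re
from typing import Dict, List, Tuple

FIXED_VERSION = (1, 26, 5)            # first fixed release named in the advisory
SCRIPT_MACROS = {"groovy", "velocity", "python", "script"}
_NAME_RE = re.compile(r"\s*(/?)([A-Za-z0-9_\-:.]+)")
_KEY_RE = re.compile(r"([A-Za-z0-9_\-:.]+)\s*=\s*")


def parse_version(version: str) -> Tuple[int, ...]:
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable_version(installed: str) -> bool:
    """True for any XWiki Pro Macros release before 1.26.5."""
    return parse_version(installed) < FIXED_VERSION


def build_unsafe(ac_type: str) -> str:
    """Bug pattern from the advisory: the attacker-controlled value is concatenated
    into macro syntax unescaped, so it can close the 'classes' quote and start new macros."""
    return '{{layout-section classes="' + ac_type + '"}}content{{/layout-section}}'


def escape_param(value: str) -> str:
    """Escape for a double-quoted macro parameter (assumes '~' escape, XWiki 2.x rule)."""
    return value.replace("~", "~~").replace('"', '~"')


def build_escaped(ac_type: str) -> str:
    """Hardened form: the value can no longer terminate the quoted parameter."""
    return '{{layout-section classes="' + escape_param(ac_type) + '"}}content{{/layout-section}}'


def parse_macros(content: str) -> List[Dict]:
    """Return [{'name', 'params', 'start'}] for each macro open tag {{name k="v"}}.
    Quote-aware: '}}' inside a quoted value does not end the tag; '~' escapes the next char."""
    macros, pos, n = [], 0, len(content)
    while (start := content.find("{{", pos)) >= 0:
        pos = start + 2
        m = _NAME_RE.match(content, pos)
        if not m or m.group(1):       # not a macro name, or a closing {{/name}} tag
            continue
        name, params, p = m.group(2), {}, m.end()
        while p < n:
            while p < n and content[p].isspace():
                p += 1
            if content.startswith("}}", p) or content.startswith("/}}", p):
                macros.append({"name": name, "params": params, "start": start})
                pos = p + (3 if content[p] == "/" else 2)
                break
            k = _KEY_RE.match(content, p)
            if not k or k.end() >= n or content[k.end()] not in "\"'":
                break                  # malformed tag: skip it, keep scanning after '{{'
            key, quote, p, buf = k.group(1), content[k.end()], k.end() + 1, []
            while p < n and content[p] != quote:
                if content[p] == "~" and p + 1 < n:
                    p += 1             # keep the escaped character literally
                buf.append(content[p])
                p += 1
            p += 1                     # consume the closing quote
            params[key] = "".join(buf)
    return macros


def _norm(name: str) -> str:
    return re.sub(r"[-_]", "", name).lower()


def find_suspicious(content: str, target: str = "confluenceLayoutSection") -> List[Dict]:
    """Review aid: flag target-macro invocations whose parameter values carry macro syntax,
    and any script macro in the content. Findings need human review; a script macro may
    be legitimate on an admin-authored page."""
    findings = []
    for mac in parse_macros(content):
        if _norm(mac["name"]) == _norm(target):
            for key, val in mac["params"].items():
                if "{{" in val or "}}" in val:
                    findings.append({"reason": f"macro syntax in parameter {key!r}",
                                     "start": mac["start"], "value": val})
        elif mac["name"].lower() in SCRIPT_MACROS:
            findings.append({"reason": f"script macro {mac['name']!r} present",
                             "start": mac["start"], "value": ""})
    return findings


# Constructed sample page: one benign use and one carrying an injected Groovy macro.
SAMPLE_PAGE = (
    '= Benign =\n'
    '{{confluenceLayoutSection ac:type="two_equal" classes="wide"}}text{{/confluenceLayoutSection}}\n'
    '= Injected =\n'
    '{{confluenceLayoutSection ac:type="x~"}}{{groovy}}println(\'hi\'){{/groovy}}{{layout-section classes=~"y"}}'
    'text{{/confluenceLayoutSection}}\n'
)
# Raw (already unescaped) attacker value as the vulnerable macro would receive it.
PAYLOAD = 'x"}}{{groovy}}println("pwned"){{/groovy}}{{layout-section classes="y'

if __name__ == "__main__":
    print("1.26.4 vulnerable:", is_vulnerable_version("1.26.4"))
    print("unsafe build parses as:", [m["name"] for m in parse_macros(build_unsafe(PAYLOAD))])
    print("escaped build parses as:", [m["name"] for m in parse_macros(build_escaped(PAYLOAD))])
    for f in find_suspicious(SAMPLE_PAGE):
        print("finding:", f["reason"], "at offset", f["start"])
```

Run it over page content exported from the wiki; the unsafe build yields a standalone `groovy` macro while the escaped build keeps the whole payload inside the `classes` value, and the scanner flags the injected sample but not the benign one.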
What immediate steps should I take to mitigate this vulnerability?
Upgrade the XWiki Pro Macros package to version 1.26.5 or later, where the 'ac:type' value is properly escaped before the ConfluenceLayoutSection macro inserts it into the 'classes' parameter; this prevents the injected content from being rendered as XWiki syntax and closes the remote code execution path. Until you can upgrade, restrict edit rights to trusted users only, since edit permission on any page is all an attacker needs to exploit the issue. [1, 2]