CVE-2025-55730
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-11
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xwiki | xwiki_pro_macros | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-116 | The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-55730 is a critical remote code execution vulnerability in the XWiki Pro Macros package affecting versions 1.0 up to 1.26.5. It occurs because the 'title' parameter in the Confluence paste code macro is not properly escaped, specifically the 'classes' parameter is used without escaping in XWiki syntax. This allows an attacker who can edit any page to inject malicious XWiki syntax, enabling remote code execution. The vulnerability was fixed in version 1.26.5 by properly escaping the 'title' parameter before rendering. [1, 2]
How can this vulnerability impact me?
This vulnerability can allow an attacker to remotely execute arbitrary code on the affected system without any privileges or user interaction. It can lead to a complete compromise of the system's confidentiality, integrity, and availability, meaning an attacker can access sensitive data, alter or destroy data, and disrupt system operations. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can severely impact compliance with standards like GDPR and HIPAA because it allows full compromise of data confidentiality, integrity, and availability. Unauthorized remote code execution could lead to exposure or alteration of sensitive personal or health information, violating data protection requirements and potentially resulting in legal and regulatory penalties. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve checking the version of the XWiki Pro Macros package installed to see if it is prior to version 1.26.5, which is vulnerable. Additionally, inspecting pages for the presence of the Confluence paste code macro with unescaped or suspicious 'title' or 'classes' parameters could indicate exploitation attempts. A proof of concept involves injection of Groovy code in the 'classes' parameter, such as `%)((){{async}}{{groovy}}println("Hello from Groovy!"){{/groovy}}{{/async}}`. Commands to detect vulnerable versions or suspicious macro usage would depend on your environment, but for example, you could grep the XWiki installation files or database content for the vulnerable macro usage or injected payloads. Specific commands are not provided in the resources. [2]
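The two detection ideas above (version comparison against the fixed release, and inspection of page source for macro parameters that carry XWiki syntax delimiters) as one runnable script. This is an added example, not part of the BaseFortify record and not XWiki's own code. It assumes a simplified XWiki 2.x macro syntax (`{{name p="v" ...}}`); the macro name `paste_code` and the page sources are constructed placeholders, since the advisory does not state the real macro name.

```python
"""Defender-side checks for CVE-2025-55730 (added example, not from the advisory).

  1. is_vulnerable_version(): is the installed XWiki Pro Macros version earlier
     than 1.26.5, the release the advisory names as fixed?
  2. find_suspicious_macros(): which macro invocations in page source have a
     'title' or 'classes' parameter containing '{{' or '}}', the shape of the
     XWiki-syntax injection the advisory describes?
The real macro name is not stated in the record, so every macro is inspected.
"""
import re
from typing import Dict, List, Tuple

# Release named as fixed; anything earlier is in the affected range.
FIXED_VERSION = (1, 26, 5)
# Parameters the advisory names as the injection point.
WATCHED_PARAMS = ("title", "classes")

# One macro invocation: {{name p1="v" p2='v'}} or self-closing {{name ... /}}.
# Quoted values may themselves contain '{{' / '}}'; that is what we look for.
MACRO_RE = re.compile(
    r"\{\{(?P<name>[A-Za-z_][\w-]*)"
    r"(?P<params>(?:\s+[\w-]+\s*=\s*(?:\"[^\"]*\"|'[^']*'))*)"
    r"\s*/?\}\}"
)
PARAM_RE = re.compile(r"([\w-]+)\s*=\s*(\"[^\"]*\"|'[^']*')")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.26.4' into (1, 26, 4); a non-numeric suffix such as '-SNAPSHOT' is dropped."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable_version(installed: str) -> bool:
    """True when the installed version sorts before the fixed 1.26.5."""
    return parse_version(installed) < FIXED_VERSION


def find_suspicious_macros(pages: Dict[str, str]) -> List[dict]:
    """Flag watched parameters whose value carries XWiki macro delimiters.

    Body-level {{groovy}} blocks are deliberately NOT flagged: they are a
    normal (permission-gated) feature, not a parameter-escaping failure.
    """
    findings = []
    for page, source in pages.items():
        for macro in MACRO_RE.finditer(source):
            for pname, quoted in PARAM_RE.findall(macro.group("params")):
                value = quoted[1:-1]  # strip surrounding quotes
                if pname.lower() in WATCHED_PARAMS and ("{{" in value or "}}" in value):
                    findings.append(
                        {"page": page, "macro": macro.group("name"), "param": pname, "value": value}
                    )
    return findings


# Constructed sample page sources; 'paste_code' is a placeholder macro name.
SAMPLE_PAGES = {
    "Sandbox.Benign": '{{paste_code title="Build script" classes="lang-sh"}}make all{{/paste_code}}',
    "Sandbox.Injected": "{{paste_code title=\"x\" classes='foo{{groovy}}/* constructed marker */{{/groovy}}'}}"
                        "echo{{/paste_code}}",
    "Admin.Scripts": "{{groovy}}// constructed: body-level script, not a parameter injection{{/groovy}}",
}

if __name__ == "__main__":
    for v in ("1.26.4", "1.26.5"):
        print(f"xwiki-pro-macros {v}: {'VULNERABLE' if is_vulnerable_version(v) else 'fixed'}")
    for f in find_suspicious_macros(SAMPLE_PAGES):
        print(f"{f['page']}: macro {f['macro']} param {f['param']!r} contains macro delimiters")
```

Against the constructed input only the `Sandbox.Injected` page is reported; in practice the page sources would come from an export or from the XWiki database, and a version string from the installed extension's metadata.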
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the XWiki Pro Macros package to version 1.26.5 or later, where the vulnerability is fixed by properly escaping the 'title' parameter in the Confluence paste code macro. This fix prevents XWiki syntax injection and remote code execution. Until the upgrade can be applied, restrict edit permissions on pages to trusted users only, as the vulnerability requires edit access to exploit. [1, 2]