Platform: java
Component: org.xwiki.rendering:xwiki-rendering-syntax-xhtml
Fixed in: 5.4.6, 14.10
CVE-2025-53835 is a critical Cross-Site Scripting (XSS) vulnerability discovered in the XWiki Rendering Syntax XHTML component. This flaw allows attackers to inject malicious HTML and JavaScript code into XWiki documents, potentially leading to account takeover and data theft. The vulnerability affects XWiki versions up to and including 9.9-rc-2, and a fix is available in version 14.10.
The vulnerability stems from the XHTML syntax relying on the xdom+xml/current syntax, which permits the creation of raw blocks. These raw blocks allow the insertion of arbitrary HTML content, including JavaScript. An attacker can exploit this by setting the document's syntax to xdom+xml/current and then injecting malicious code. Successful exploitation could allow an attacker to steal user credentials, deface the XWiki instance, or redirect users to malicious websites. Given XWiki's use in many organizations for internal documentation and collaboration, the potential impact is significant, particularly if user profiles are enabled for editing, as is the default configuration.
This vulnerability was publicly disclosed on 2025-07-14. No known public proof-of-concept (PoC) exists as of this writing, but the ease of exploitation makes it likely that one will emerge. The CVSS score of 9.0 (CRITICAL) indicates a high probability of exploitation. It is not currently listed on the CISA KEV catalog.
Organizations using XWiki for internal documentation, collaboration, or knowledge management are at risk. Specifically, deployments with user profiles enabled for editing are particularly vulnerable, as attackers can directly modify user profiles to inject malicious code. Shared hosting environments where multiple users have access to XWiki instances also face increased risk.
• java: Monitor XWiki logs for attempts to set document syntax to xdom+xml/current.
  grep 'syntax=xdom+xml/current' /path/to/xwiki/logs/xwiki.log
• generic web: Check for suspicious HTML tags or JavaScript code in XWiki document content using a WAF or manual inspection.
• generic web: Monitor access logs for requests containing unusual HTML or JavaScript patterns.
• generic web: Review XWiki document templates for potential vulnerabilities related to raw HTML insertion.
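The two checks above (log monitoring for the xdom+xml/current syntax, and inspection of document content for script-like markup) carried out in one small scanner. This is an added example, not code from the advisory or from XWiki; the log line layout and the exported-document layout (an <xwikidoc> element with <syntaxId> and <content> children) are assumptions, and all sample data is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Indicator named in the advisory: a document whose syntax is set to
# xdom+xml/current can carry raw HTML blocks, so the syntax id is what to hunt for.
RISKY_SYNTAX = "xdom+xml/current"
# Assumed log layout: a "syntax=<id>" token somewhere on the line.
SYNTAX_LOG_RE = re.compile(r"syntax=(?P<syntax>[\w+./-]+)")
# Script-like markup in rendered content: <script>, inline on* handlers, javascript: URLs.
SCRIPT_RE = re.compile(r"<\s*script\b|\bon\w+\s*=|javascript:", re.IGNORECASE)

# Constructed sample log lines (not real XWiki output).
SAMPLE_LOG = [
    "2025-07-15 10:01:02 INFO  saved document xwiki:Main.WebHome syntax=xwiki/2.1",
    "2025-07-15 10:02:17 INFO  saved document xwiki:XWiki.JohnDoe syntax=xdom+xml/current",
    "2025-07-15 10:03:44 INFO  saved document xwiki:Sandbox.Test syntax=markdown/1.2",
]

# Constructed exported documents in the assumed XAR-style layout.
SAMPLE_DOC = """<xwikidoc version="1.1">
  <web>XWiki</web><name>JohnDoe</name>
  <syntaxId>xdom+xml/current</syntaxId>
  <content>&lt;script&gt;/* constructed marker */&lt;/script&gt;</content>
</xwikidoc>"""
CLEAN_DOC = """<xwikidoc version="1.1">
  <web>Main</web><name>WebHome</name>
  <syntaxId>xwiki/2.1</syntaxId>
  <content>= Welcome =</content>
</xwikidoc>"""


def scan_log_lines(lines):
    """Return (line_number, syntax) for every log line that sets the risky syntax."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = SYNTAX_LOG_RE.search(line)
        if m and m.group("syntax") == RISKY_SYNTAX:
            hits.append((no, m.group("syntax")))
    return hits


def scan_document_xml(xml_text):
    """Return a list of findings for one exported document; empty means nothing suspicious."""
    root = ET.fromstring(xml_text)
    findings = []
    if (root.findtext("syntaxId") or "").strip() == RISKY_SYNTAX:
        findings.append("syntaxId is " + RISKY_SYNTAX)
    if SCRIPT_RE.search(root.findtext("content") or ""):
        findings.append("script-like markup in content")
    return findings


if __name__ == "__main__":
    print(scan_log_lines(SAMPLE_LOG), scan_document_xml(SAMPLE_DOC), scan_document_xml(CLEAN_DOC))
```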
Disclosure
Exploit status
EPSS: 1.35% (80th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade to XWiki version 14.10 or later, which contains the fix for this vulnerability. If upgrading immediately is not possible, consider restricting document editing permissions to trusted users only. While not a complete solution, this can limit the attack surface. Implement a Web Application Firewall (WAF) rule to block requests containing suspicious HTML tags or JavaScript code within document content. Monitor XWiki logs for unusual activity, particularly attempts to modify document syntax or insert raw HTML blocks. There are no specific Sigma or YARA rules available at this time, but general XSS detection rules should be applied.
Update the XWiki Rendering library to version 14.10 or later. This version fixes the XSS vulnerability by removing the XHTML syntax's unsafe dependency on the `xdom+xml/current` syntax. The update prevents execution of arbitrary JavaScript via malicious HTML content.
CVE-2025-53835 is a critical XSS vulnerability in XWiki's XHTML rendering syntax, allowing attackers to inject malicious scripts. It affects versions up to 9.9-rc-2.
Yes, if you are using XWiki versions 9.9-rc-2 or earlier, you are vulnerable to this XSS attack. Upgrade immediately.
Upgrade to XWiki version 14.10 or later to resolve this vulnerability. If immediate upgrade is not possible, restrict document editing permissions.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest it may be targeted soon.
Refer to the official XWiki security advisory for detailed information and mitigation steps: [https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)