Platform
java
Component
xwiki-pro-macros
Fixed in
1.0.1
CVE-2025-55730 affects XWiki Remote Macros, a component used for migrating content from Confluence. The vulnerability stems from a lack of proper escaping in the confluence paste code macro, enabling an attacker to execute arbitrary code. This flaw impacts versions 1.0 through 1.26.4 and allows any user with edit permissions to potentially compromise the system. A fix is available in version 1.26.5.
The impact of CVE-2025-55730 is severe, allowing for Remote Code Execution (RCE). An attacker can exploit this vulnerability by crafting a malicious confluence paste code macro that, when processed by XWiki, executes arbitrary commands on the server. This could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. The attacker's ability to execute code as the user with edit permissions significantly expands the potential blast radius, potentially affecting other users and systems within the XWiki environment. The lack of input sanitization makes this a particularly dangerous vulnerability, similar in impact to other injection flaws that allow for arbitrary code execution.
CVE-2025-55730 was published on September 9, 2025. Its critical CVSS score of 10 indicates a high probability of exploitation. While no Proof-of-Concept (PoC) exploits have been publicly released as of this writing, the ease of exploitation and the potential for significant impact suggest that it is likely to become a target for attackers. The vulnerability is not currently listed on KEV or EPSS, but its severity warrants close monitoring. No active campaigns are currently known, but given the RCE nature of the flaw, it is highly probable that threat actors will attempt to exploit it.
Exploit status
EPSS
0.50% (66th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-55730 is to immediately upgrade XWiki Remote Macros to version 1.26.5 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict edit permissions on XWiki pages to only authorized users to limit the potential impact of a successful exploit. Implement a Web Application Firewall (WAF) with rules to detect and block malicious confluence paste code macros containing XWiki syntax injection attempts. Monitor XWiki logs for suspicious activity, particularly related to page edits and macro execution. After upgrading to 1.26.5, verify the fix by attempting to inject malicious XWiki syntax into a confluence paste code macro and confirming that it is properly sanitized and does not result in code execution.
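Because the fix is a version upgrade, the first defensive check is whether a deployment's Maven build still pulls an affected xwiki-pro-macros release. The following script is an added example, not code from the advisory or from the XWiki project: it reads a pom.xml, resolves a `${property}` version reference, and flags the affected range 1.0 through 1.26.4 stated above. The sample pom and its groupId are constructed placeholders, since the page gives only the artifactId.

```python
import xml.etree.ElementTree as ET
from typing import Optional

# Affected range and fixed version as stated in the advisory for CVE-2025-55730.
ARTIFACT_ID = "xwiki-pro-macros"
FIRST_AFFECTED = (1, 0)
LAST_AFFECTED = (1, 26, 4)
FIXED = (1, 26, 5)

# Constructed sample pom.xml; the groupId is a placeholder, not the real coordinate.
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <pro-macros.version>1.26.4</pro-macros.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>example.placeholder</groupId>
      <artifactId>xwiki-pro-macros</artifactId>
      <version>${pro-macros.version}</version>
    </dependency>
  </dependencies>
</project>
"""

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def parse_version(text: str) -> tuple:
    """Turn '1.26.4' into (1, 26, 4); stop at the first non-numeric component."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)

def is_affected(version: str) -> bool:
    """True when the version lies in the advisory's affected range 1.0 .. 1.26.4."""
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED

def find_pro_macros_version(pom_xml: str) -> Optional[str]:
    """Return the declared (property-resolved) version of xwiki-pro-macros, or None."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "") for p in root.findall("m:properties/*", NS)}
    for dep in root.findall(".//m:dependency", NS):
        if dep.findtext("m:artifactId", default="", namespaces=NS) != ARTIFACT_ID:
            continue
        version = dep.findtext("m:version", default="", namespaces=NS).strip()
        if version.startswith("${") and version.endswith("}"):
            version = props.get(version[2:-1], version)  # resolve ${prop} if defined
        return version
    return None
```

Run `is_affected(find_pro_macros_version(open("pom.xml").read()))` against a real pom; versions inherited from a parent POM or a BOM are not resolved by this check and must be inspected separately.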
Upgrade the XWiki Remote Macros plugin to version 1.26.5 or later. This version contains a fix for the remote code execution vulnerability. The upgrade can be performed through the XWiki plugin manager.
It's a critical Remote Code Execution (RCE) vulnerability in XWiki Remote Macros, allowing attackers to execute arbitrary code through unescaped input in the confluence paste code macro.
If you are using XWiki Remote Macros versions 1.0 through 1.26.4, you are vulnerable to this RCE flaw. Immediate action is required.
Upgrade XWiki Remote Macros to version 1.26.5 or later to patch the vulnerability. If immediate upgrade is impossible, implement temporary workarounds like restricting edit permissions.
While no public exploits are currently known, the vulnerability's severity suggests it's likely to become a target. Monitor your systems closely.
Refer to the official XWiki security advisory and the NVD entry for CVE-2025-55730 for detailed information and updates.