Severity: HIGH · CVE-2025-49581 · CVSS 7.5

CVE-2025-49581: RCE in XWiki Platform Rendering WikiMacro Store

Platform

java

Component

org.xwiki.platform:xwiki-platform-rendering-wikimacro-store

Fixed in

11.10.12

12.6.4

12.8.1

16.5.1

17.0.1

AI Confidence: high · Source: NVD · EPSS 1.6% · Reviewed: May 2026

CVE-2025-49581 is a Remote Code Execution (RCE) vulnerability discovered in the XWiki Platform Rendering WikiMacro Store component. This flaw allows authenticated users with edit rights on a page to execute arbitrary code, potentially granting them complete control over the XWiki installation. The vulnerability impacts versions prior to 16.4.7, 16.10.3, and 17.0.0, and a fix has been released.


Impact and Attack Scenarios

The impact of CVE-2025-49581 is severe. An attacker exploits the vulnerability by crafting a malicious wiki macro parameter that, when the macro is defined and used on a page with programming rights, executes arbitrary code. The code runs with the privileges of the page author, so the attacker effectively inherits that level of access. This could involve reading sensitive data stored in XWiki, modifying system configuration, installing malware, or pivoting to other systems on the network. Code execution inside the XWiki environment is a significant compromise of the platform's confidentiality, integrity, and availability. Because the vulnerability only requires edit rights, even standard users can exploit it if they are able to modify a page that has programming rights.

Exploitation Context

CVE-2025-49581 was publicly disclosed on 2025-06-13. There is currently no indication of active exploitation in the wild, but the availability of a public description and the ease of exploitation make it a potential target. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code is expected to emerge given the vulnerability's nature and the public disclosure.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No

EPSS

1.62% (82% percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: total

Affected Software

Component: org.xwiki.platform:xwiki-platform-rendering-wikimacro-store
Vendor: osv

| Affected range | Fixed in |
|---|---|
| >= 11.10.11, < 12.0 | 11.10.12 |
| >= 12.6.3, < 12.7 | 12.6.4 |
| >= 12.8-rc-1, < 16.4.7 | 12.8.1 |
| >= 16.5.0-rc-1, < 16.10.3 | 16.5.1 |
| >= 17.0.0-rc-1, < 17.0.0 | 17.0.1 |
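As an added example (not code from XWiki or from this page's source), the following Python check encodes the affected ranges listed in the table above, compares XWiki-style versions (release candidates such as 16.5.0-rc-1 sort before the final release), and scans a pom.xml for a vulnerable declaration of the artifact. It reports the upper bound of the matching range as the first unaffected version in that branch; the sample pom.xml is constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

GROUP, ARTIFACT = "org.xwiki.platform", "xwiki-platform-rendering-wikimacro-store"
# Affected ranges as listed on this page: lower bound inclusive, upper bound exclusive.
AFFECTED_RANGES = [("11.10.11", "12.0"), ("12.6.3", "12.7"), ("12.8-rc-1", "16.4.7"),
                   ("16.5.0-rc-1", "16.10.3"), ("17.0.0-rc-1", "17.0.0")]
NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def parse_version(v):
    """Map an XWiki-style version to a comparable tuple; 'x.y.z-rc-N' sorts before 'x.y.z'."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-rc-(\d+))?", v.strip().lower())
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))                       # 12.8 == 12.8.0
    rc = m.group(2)
    return (tuple(nums), 1, 0) if rc is None else (tuple(nums), 0, int(rc))

def first_unaffected(version):
    """Return the upper bound of the affected range containing `version`, or None if not affected."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if parse_version(lo) <= v < parse_version(hi):
            return hi
    return None

def scan_pom(pom_xml):
    """Return (declared version, first unaffected version) per vulnerable declaration; ${prop} resolved from <properties>."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip() for p in root.findall("m:properties/*", NS)}
    findings = []
    for dep in root.iter("{%s}dependency" % NS["m"]):
        if dep.findtext("m:groupId", "", NS) != GROUP or dep.findtext("m:artifactId", "", NS) != ARTIFACT:
            continue
        ver = dep.findtext("m:version", "", NS).strip()
        ver = re.sub(r"\$\{([^}]+)\}", lambda mm: props.get(mm.group(1), mm.group(0)), ver)
        hi = first_unaffected(ver)          # raises ValueError if a placeholder stays unresolved
        if hi:
            findings.append((ver, hi))
    return findings

# Constructed sample pom.xml (not from any real project) pinning a version inside the third range.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><xwiki.version>16.4.6</xwiki.version></properties>
  <dependencies><dependency><groupId>org.xwiki.platform</groupId>
    <artifactId>xwiki-platform-rendering-wikimacro-store</artifactId>
    <version>${xwiki.version}</version></dependency></dependencies></project>"""
```

Running `scan_pom(SAMPLE_POM)` returns `[('16.4.6', '16.4.7')]`; versions inherited from a parent POM or BOM are not resolved by this check and need the effective POM instead.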

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-49581 is to upgrade to a patched version of XWiki Platform: 16.4.7, 16.10.3, or 17.0.0. If an immediate upgrade is not possible, consider stricter validation of wiki macro parameters to prevent the injection of malicious code, for example by whitelisting allowed characters or sanitizing input. As a temporary workaround, restrict programming rights on pages where possible. Monitor XWiki logs for suspicious activity, particularly around wiki macro execution. Consider deploying a Web Application Firewall (WAF) with rules that detect and block exploitation attempts, focusing on patterns indicative of code injection in wiki macro parameters.

How to fix

Update XWiki to version 16.4.7, 16.10.3 or 17.0.0, or to a later version. These versions contain the security fix for the remote code execution vulnerability. Updating mitigates the risk of malicious users executing arbitrary code on your XWiki installation.


Frequently asked questions

What is CVE-2025-49581 — RCE in XWiki Platform Rendering WikiMacro Store?

CVE-2025-49581 is a Remote Code Execution vulnerability in the XWiki Platform Rendering WikiMacro Store component, allowing authenticated users with edit rights to execute arbitrary code.

Am I affected by CVE-2025-49581 in XWiki Platform?

You are affected if you are using XWiki Platform versions prior to 16.4.7, 16.10.3, or 17.0.0 and have users with edit rights on pages with programming permissions.

How do I fix CVE-2025-49581 in XWiki Platform?

Upgrade to a patched version of XWiki Platform: 16.4.7, 16.10.3, or 17.0.0. As a temporary workaround, restrict programming rights on pages.

Is CVE-2025-49581 being actively exploited?

There is currently no indication of active exploitation in the wild, but the vulnerability's nature makes it a potential target.

Where can I find the official XWiki advisory for CVE-2025-49581?

Refer to the official XWiki security advisory for detailed information and mitigation steps: [https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)
