Platform: java
Component: org.xwiki.platform:xwiki-platform-rendering-wikimacro-store
Fixed in: 11.10.12, 12.6.4, 12.8.1, 16.5.1, 17.0.1
CVE-2025-49581 is a Remote Code Execution (RCE) vulnerability discovered in the XWiki Platform Rendering WikiMacro Store component. This flaw allows authenticated users with edit rights on a page to execute arbitrary code, potentially granting them complete control over the XWiki installation. The vulnerability impacts versions prior to 16.4.7, 16.10.3, and 17.0.0, and a fix has been released.
The impact of CVE-2025-49581 is severe. An attacker can exploit this vulnerability by crafting a malicious wiki macro parameter that, when defined and used on a page with programming rights, executes arbitrary code. This code runs with the privileges of the page author, effectively granting the attacker that same level of access. This could involve gaining access to sensitive data stored within XWiki, modifying system configurations, installing malware, or even pivoting to other systems on the network. The ability to execute code within the XWiki environment represents a significant compromise of the platform's confidentiality, integrity, and availability. Because the vulnerability only requires edit rights, even standard users could exploit it if they are able to modify pages that carry programming rights.
CVE-2025-49581 was publicly disclosed on 2025-06-13. There is currently no indication of active exploitation in the wild, but the availability of a public description and the ease of exploitation make it a potential target. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code is expected to emerge given the vulnerability's nature and the public disclosure.
Exploit Status
EPSS: 1.62% (82nd percentile)
CISA SSVC:
The primary mitigation for CVE-2025-49581 is to upgrade to a patched version of XWiki Platform: 16.4.7, 16.10.3, or 17.0.0. If immediate upgrading is not possible, consider implementing stricter validation of wiki macro parameters to prevent the injection of malicious code. This could involve whitelisting allowed characters or implementing input sanitization techniques. As a temporary workaround, restrict programming rights on pages where possible. Monitor XWiki logs for suspicious activity, particularly related to wiki macro execution. Consider implementing a Web Application Firewall (WAF) with rules to detect and block attempts to exploit this vulnerability, focusing on patterns indicative of code injection within wiki macro parameters.
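To make the "am I affected" check concrete, here is an added example (not the advisory's or XWiki's own tooling) that locates the affected module in a Maven pom.xml and compares its version against the fixed releases named in the text above; the branch rule in is_vulnerable() is an assumption, and the pom.xml is constructed.

```python
import re
import xml.etree.ElementTree as ET

POM_NS = "{http://maven.apache.org/POM/4.0.0}"
GROUP = "org.xwiki.platform"
ARTIFACT = "xwiki-platform-rendering-wikimacro-store"
FIXED_IN = ["16.4.7", "16.10.3", "17.0.0"]   # the fixed releases named in the text

def parse_version(v):
    """'16.10.3' -> (16, 10, 3, 1); a '-rc-1' style qualifier gives 0 last, so it sorts first."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)", v.strip())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    major, minor, patch, qualifier = m.groups()
    return (int(major), int(minor), int(patch or 0), 0 if qualifier else 1)

def is_vulnerable(version, fixed_in=FIXED_IN):
    # Assumed rule: patched iff the newest fix at or below v is on v's major.minor branch or is the newest fix overall.
    v = parse_version(version)
    fixed = sorted(parse_version(f) for f in fixed_in)
    at_or_below = [f for f in fixed if f <= v]
    if not at_or_below:
        return True                        # older than every fixed release
    newest = at_or_below[-1]
    return newest[:2] != v[:2] and newest != fixed[-1]

def dependency_version(pom_xml):
    """Declared version of the affected artifact, ${property} refs resolved; None if absent."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.replace(POM_NS, ""): (p.text or "").strip()
             for block in root.iter(POM_NS + "properties") for p in block}
    for dep in root.iter(POM_NS + "dependency"):
        ids = (dep.findtext(POM_NS + "groupId", "").strip(),
               dep.findtext(POM_NS + "artifactId", "").strip())
        if ids == (GROUP, ARTIFACT):
            raw = dep.findtext(POM_NS + "version", "").strip()
            resolved = re.sub(r"\$\{([^}]+)\}",
                              lambda m: props.get(m.group(1), m.group(0)), raw)
            return resolved or None
    return None

# Constructed sample pom.xml; the version comes from a property, as is common.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><xwiki.version>16.6.0</xwiki.version></properties>
  <dependencies><dependency>
    <groupId>org.xwiki.platform</groupId>
    <artifactId>xwiki-platform-rendering-wikimacro-store</artifactId>
    <version>${xwiki.version}</version>
  </dependency></dependencies>
</project>"""
```

A version that resolves to something other than numbers (for example an unresolved `${project.version}`) raises ValueError rather than being silently treated as patched.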
Upgrade XWiki to version 16.4.7, 16.10.3 or 17.0.0, or to a later version. These versions contain the security fix for the remote code execution vulnerability. Upgrading mitigates the risk of malicious users executing arbitrary code on your XWiki installation.
CVE-2025-49581 is a Remote Code Execution vulnerability in the XWiki Platform Rendering WikiMacro Store component, allowing authenticated users with edit rights to execute arbitrary code.
You are affected if you are using XWiki Platform versions prior to 16.4.7, 16.10.3, or 17.0.0 and have users with edit rights on pages with programming permissions.
Upgrade to a patched version of XWiki Platform: 16.4.7, 16.10.3, or 17.0.0. As a temporary workaround, restrict programming rights on pages.
There is currently no indication of active exploitation in the wild, but the vulnerability's nature makes it a potential target.
Refer to the official XWiki security advisory for detailed information and mitigation steps: [https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)