Platform
java
Component
xwiki-pro-macros
Fixed in
1.0.1
CVE-2025-55727 affects XWiki Remote Macros, a component used for migrating content from platforms like Confluence. This vulnerability enables Remote Code Execution (RCE) due to insufficient escaping of the 'width' parameter within the column macro. Successful exploitation allows an attacker to execute arbitrary code, potentially compromising the entire XWiki instance. Affected versions include 1.0 through 1.26.4; the vulnerability is resolved in version 1.26.5.
The impact of CVE-2025-55727 is severe. An attacker can leverage the unescaped 'width' parameter in the column macro to inject XWiki syntax, ultimately leading to remote code execution. This can occur for any user with edit permissions on a page or those who can access the CKEditor converter. Crucially, if the macro has been installed by a user with programming rights, or even if the attacker can execute Velocity code as the wiki admin, the attacker gains full control over the server. This allows for data exfiltration, system compromise, and potentially lateral movement within the network. The ability to execute code as the wiki admin significantly expands the blast radius, potentially impacting all data and services hosted within the XWiki environment. This vulnerability shares similarities with other syntax injection vulnerabilities where improper input validation leads to code execution.
CVE-2025-55727 was published on September 9, 2025. The CVSS score of 10 (CRITICAL) indicates a high probability of exploitation. As of this writing, the vulnerability is not listed on KEV or EPSS, suggesting a currently low public awareness. However, the ease of exploitation and the potential for significant impact suggest that it could become a target for attackers. Public Proof-of-Concept (POC) code is not yet publicly available, but the vulnerability's nature makes it likely that such code will emerge. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS
6.91% (91% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-55727 is to upgrade XWiki Remote Macros to version 1.26.5 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Restrict user permissions to limit who can edit pages and access the CKEditor converter. Implement strict input validation on all user-supplied data, particularly the 'width' parameter, to prevent XWiki syntax injection. Consider using a Web Application Firewall (WAF) to filter out malicious requests containing suspicious syntax. Monitor XWiki logs for any unusual activity or attempts to exploit the vulnerability. If you suspect a compromise, immediately isolate the affected system and conduct a thorough forensic investigation. After upgrading, confirm the fix by attempting to inject XWiki syntax through the column macro and verifying that the input is properly sanitized.
Actualice el plugin XWiki Remote Macros a la versión 1.26.5 o superior. Esta versión contiene una corrección para la vulnerabilidad de ejecución remota de código. La actualización se puede realizar a través del administrador de plugins de XWiki.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-55727 is a critical Remote Code Execution (RCE) vulnerability in XWiki Remote Macros, allowing attackers to execute code via an unescaped parameter.
You are affected if you are using XWiki Remote Macros versions 1.0 through 1.26.4. Versions prior to 1.26.5 are vulnerable.
Upgrade XWiki Remote Macros to version 1.26.5 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting user permissions and input validation.
While no active campaigns are known at this time, the critical severity and ease of exploitation suggest it could become a target. Monitor security advisories.
Refer to the official XWiki security advisory and the NVD entry for CVE-2025-55727 for detailed information and updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your pom.xml file and we'll tell you instantly if you're affected.