Platform: java
Component: org.xwiki.rendering:xwiki-rendering-transformation-macro
Fixed in: 4.2.1, 14.0.1, 14.5.1, 13.10.11
CVE-2025-53836 is a critical Remote Code Execution (RCE) vulnerability discovered in the XWiki Rendering Transformation Macro. This flaw allows attackers to bypass restrictions and execute unauthorized macros, potentially gaining full control of the XWiki instance. The vulnerability affects XWiki versions up to and including 9.9-rc-2. A fix is available in version 13.10.11.
The core of the vulnerability lies in the macro content parser's failure to properly preserve the 'restricted' attribute of the transformation context when executing nested macros. This oversight enables the execution of macros that are normally forbidden in restricted mode, particularly script macros. The Cache and Chart macros, bundled with XWiki, are directly impacted by this flaw. An attacker can exploit this by crafting malicious XWiki syntax, embedding it within a comment, and leveraging the privilege escalation to execute arbitrary code. This could lead to data breaches, system takeover, and potential lateral movement within the network if XWiki is integrated with other systems.
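As an added illustration (not XWiki's own code), the following self-contained Python model shows the bug class described above: a nested-macro executor that builds a fresh transformation context for a macro's content and so drops the parent's restricted flag, beside the fixed form that propagates it. The TransformationContext class, the set of script-macro names and the "cache"/"groovy" sample are assumptions made for the model.

```python
from dataclasses import dataclass, field

# Assumption: the macro names this model treats as script macros.
SCRIPT_MACROS = {"groovy", "velocity", "python"}


@dataclass
class TransformationContext:
    # restricted=True while rendering untrusted input such as a page comment.
    restricted: bool = False


@dataclass
class Macro:
    name: str
    body: list["Macro"] = field(default_factory=list)  # macros nested in the content


def _run(macro, ctx, trace, child_ctx_factory):
    """Execute one macro, denying script macros in a restricted context, then
    recurse into its body with whatever context child_ctx_factory derives."""
    if macro.name in SCRIPT_MACROS and ctx.restricted:
        trace.append(f"{macro.name}:denied")
        return
    trace.append(f"{macro.name}:ran")
    child_ctx = child_ctx_factory(ctx)
    for child in macro.body:
        _run(child, child_ctx, trace, child_ctx_factory)


def _render(root, restricted, child_ctx_factory):
    trace = []
    _run(root, TransformationContext(restricted=restricted), trace, child_ctx_factory)
    return trace


def render_vulnerable(root, restricted):
    """Bug class: nested content gets a brand-new context, so the parent's
    restricted flag is lost and a forbidden script macro runs."""
    return _render(root, restricted, lambda parent: TransformationContext())


def render_fixed(root, restricted):
    """Fix: the child context inherits the parent's restricted flag."""
    return _render(root, restricted,
                   lambda parent: TransformationContext(restricted=parent.restricted))


# Constructed sample: a comment (rendered restricted) holding a cache macro
# whose content contains a script macro.
COMMENT = Macro("cache", body=[Macro("groovy")])

if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(COMMENT, restricted=True))  # cache:ran, groovy:ran
    print("fixed:     ", render_fixed(COMMENT, restricted=True))       # cache:ran, groovy:denied
```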
CVE-2025-53836 was publicly disclosed on 2025-07-14. The CVSS score of 9.9 (CRITICAL) indicates a high probability of exploitation. While no public proof-of-concept (PoC) has been released at the time of writing, the ease of exploitation and the critical nature of the vulnerability suggest that it is likely to become a target for attackers. It is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on XWiki for content management, collaboration, or knowledge sharing are particularly at risk. This includes those using XWiki in sensitive environments or those with limited security expertise. Shared hosting environments where multiple users share the same XWiki instance are also at increased risk, as a compromise of one user's account could potentially lead to a broader system compromise.
• java / server: Monitor XWiki logs for unusual macro execution patterns, particularly those involving nested macros or script macros. Look for attempts to bypass restricted mode.
  journalctl -u xwiki -f | grep -i "macro execution"
• generic web: Examine XWiki access logs for requests containing suspicious macro syntax within comments. Use curl to test for macro execution vulnerabilities.
  curl 'http://xwiki/xwiki/bin/view/Main/YourPage?syntax=<malicious_macro_syntax>' -v
• wordpress / composer / npm: not applicable, as XWiki is a Java-based application.
• database (mysql, redis, mongodb, postgresql): not applicable, as the vulnerability does not directly involve the database.
• windows / supply-chain: not applicable, as XWiki is a Java-based application.
Disclosure
Exploit status
EPSS: 1.71% (percentile 82%)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade to XWiki version 13.10.11 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restricting user permissions to prevent the execution of script macros is a crucial step. Review and audit all XWiki configurations to ensure the principle of least privilege is enforced. While a WAF or proxy rule cannot directly prevent this vulnerability, it can help detect and block suspicious macro execution patterns. Monitor XWiki logs for unusual macro activity and consider implementing a Sigma or YARA rule to detect malicious macro syntax.
Update XWiki Rendering to version 13.10.11, 14.4.7 or 14.10, or to a later version. As a temporary workaround, disable comments for untrusted users until the upgrade can be performed. Note that users with edit rights will still be able to add comments through the object editor.
CVE-2025-53836 is a critical Remote Code Execution vulnerability in the XWiki Rendering Transformation Macro, allowing attackers to bypass restrictions and execute unauthorized macros.
You are affected if you are using XWiki versions 9.9-rc-2 or earlier. Upgrade to 13.10.11 or later to mitigate the risk.
Upgrade to XWiki version 13.10.11 or later. As a temporary workaround, restrict user permissions to prevent script macro execution.
While no public exploit is currently known, the vulnerability's severity and ease of exploitation suggest it is likely to become a target for attackers.
Refer to the official XWiki security advisory for detailed information and updates: [https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)