Platform
java
Component
xwiki-pro-macros
Fixed in
1.0.1
CVE-2025-55728 affects XWiki Remote Macros, a component used for migrating content from platforms like Confluence. This vulnerability allows an attacker to execute arbitrary code on a vulnerable system. The issue stems from improper escaping of the 'classes' parameter within the panel macro, impacting versions 1.0 through 1.26.4. A patch is available in version 1.26.5.
The impact of CVE-2025-55728 is severe. An attacker who can edit any page within the XWiki instance can exploit this vulnerability to achieve remote code execution. This means they could potentially gain full control of the server hosting the XWiki application, including access to sensitive data, modification of content, and installation of malicious software. The ability to inject XWiki syntax directly into the system bypasses standard security controls, making exploitation relatively straightforward for a skilled attacker. Lateral movement within the network is possible if the XWiki server has access to other systems or resources. The blast radius extends to any data stored or processed by the XWiki instance, as well as any systems accessible from the compromised server.
CVE-2025-55728 was published on September 9, 2025. Its critical CVSS score (10) indicates a high probability of exploitation. Public proof-of-concept (POC) code is likely to emerge given the vulnerability's ease of exploitation and the critical impact. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting XWiki installations. Refer to the NVD (National Vulnerability Database) and CISA (Cybersecurity and Infrastructure Security Agency) websites for updates and further information.
Exploit Status
EPSS
3.35% (87th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-55728 is to upgrade XWiki Remote Macros to version 1.26.5 or later, which contains the necessary patch. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These may include restricting user permissions to limit who can edit pages, or implementing a Web Application Firewall (WAF) rule to block requests containing suspicious XWiki syntax in the 'classes' parameter. Carefully review and validate any user-supplied input before rendering it within XWiki macros. After upgrading, confirm the fix by attempting to inject XWiki syntax into the 'classes' parameter of a panel macro and verifying that the injection is properly sanitized and does not result in code execution.
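Because the fix is a version bump, the first thing a defender needs is an inventory check: which builds still pull a release in the affected range? The script below is an added example, not code from the advisory or from the XWiki project. It parses a Maven pom.xml, resolves `${property}` version references against the `<properties>` section, and reports any dependency whose artifactId matches the component named in this advisory (`xwiki-pro-macros`) with a version from 1.0 up to but not including 1.26.5. The groupId in the embedded sample pom is a placeholder, and the sample pom itself is constructed for the demonstration; the artifactId match is an assumption you should adjust to your own build.

```python
"""Flag Maven dependencies on XWiki Pro Macros in the range affected by CVE-2025-55728.

Added example: not part of the advisory or the XWiki project's own tooling.
"""
import re
import xml.etree.ElementTree as ET

# Affected range taken from the advisory: 1.0 through 1.26.4; fixed in 1.26.5.
FIRST_AFFECTED = (1, 0)
FIXED_IN = (1, 26, 5)

# Assumption: the Maven artifactId matches the component name shown in the
# advisory header. Adjust if your build references the component differently.
AFFECTED_ARTIFACT_IDS = {"xwiki-pro-macros"}


def parse_version(text):
    """Turn '1.26.4' or '1.26.4-SNAPSHOT' into a comparable tuple of ints.

    The qualifier after the first '-' is dropped; a non-numeric segment stops
    the parse so that '1.26.x' compares as (1, 26). Returns () if nothing parses.
    """
    core = text.strip().split("-")[0]
    parts = []
    for piece in core.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_affected(version):
    """True if the version lies in [1.0, 1.26.5); unparseable versions are not flagged."""
    v = parse_version(version)
    if not v:
        return False
    return FIRST_AFFECTED <= v < FIXED_IN


def _local(tag):
    # Strip the Maven XML namespace so the same code handles namespaced and bare poms.
    return tag.split("}", 1)[1] if "}" in tag else tag


def _resolve(value, props):
    # Expand a bare ${property} reference using the pom's <properties> section.
    m = re.fullmatch(r"\$\{([^}]+)\}", value.strip())
    return props.get(m.group(1), value) if m else value


def find_affected_dependencies(pom_xml):
    """Return (groupId, artifactId, resolved version) triples in the affected range."""
    root = ET.fromstring(pom_xml)
    props = {}
    for el in root.iter():
        if _local(el.tag) == "properties":
            for child in el:
                props[_local(child.tag)] = (child.text or "").strip()
    hits = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        artifact = fields.get("artifactId", "")
        if artifact not in AFFECTED_ARTIFACT_IDS:
            continue
        version = _resolve(fields.get("version", ""), props)
        if is_affected(version):
            hits.append((fields.get("groupId", ""), artifact, version))
    return hits


# Constructed sample pom for the demonstration. The groupId is a placeholder.
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>wiki-bundle</artifactId>
  <version>1.0</version>
  <properties>
    <xwiki.pro.version>1.26.4</xwiki.pro.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>PLACEHOLDER.GROUPID</groupId>
      <artifactId>xwiki-pro-macros</artifactId>
      <version>${xwiki.pro.version}</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>unrelated-library</artifactId>
      <version>2.3.1</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for group, artifact, version in find_affected_dependencies(SAMPLE_POM):
        print(f"AFFECTED: {group}:{artifact}:{version} (upgrade to 1.26.5 or later)")
```

Run it against a real pom by reading the file into `find_affected_dependencies`; a SNAPSHOT of an affected release is still flagged, while a version that cannot be parsed is reported as nothing rather than guessed.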
Update the XWiki Remote Macros plugin to version 1.26.5 or later. This version contains a fix for the remote code execution vulnerability. The update can be performed through the XWiki plugin manager.
It's a critical Remote Code Execution (RCE) vulnerability in XWiki Remote Macros, allowing attackers to execute code via unescaped input.
If you're using XWiki Remote Macros versions 1.0 through 1.26.4, you are vulnerable. Check your version immediately.
Upgrade to XWiki Remote Macros version 1.26.5 or later to patch the vulnerability. Consider temporary workarounds if immediate upgrade isn't possible.
While no active exploitation has been confirmed, the critical severity and ease of exploitation suggest a high likelihood of future attacks.
Refer to the XWiki security advisory, the NVD entry (https://nvd.nist.gov/vuln/detail/CVE-2025-55728), and CISA advisories for detailed information.