Platform
java
Component
org.xwiki.rendering:xwiki-rendering-syntax-xhtml
Fixed in
5.4.6
14.10
CVE-2025-53835 is a critical Cross-Site Scripting (XSS) vulnerability discovered in the XWiki Rendering Syntax XHTML component. This flaw allows attackers to inject malicious HTML and JavaScript code into XWiki documents, potentially leading to account takeover and data theft. The vulnerability affects XWiki versions up to and including 9.9-rc-2, and a fix is available in version 14.10.
The vulnerability stems from the XHTML syntax relying on the xdom+xml/current syntax, which permits the creation of raw blocks. These raw blocks allow the insertion of arbitrary HTML content, including JavaScript. An attacker can exploit this by setting the document's syntax to xdom+xml/current and then injecting malicious code. Successful exploitation could allow an attacker to steal user credentials, deface the XWiki instance, or redirect users to malicious websites. Given XWiki's use in many organizations for internal documentation and collaboration, the potential impact is significant, particularly if user profiles are enabled for editing, as is the default configuration.
This vulnerability was publicly disclosed on 2025-07-14. No known public proof-of-concept (PoC) exists as of this writing, but the ease of exploitation makes it likely that one will emerge. The CVSS score of 9.0 (CRITICAL) indicates a high probability of exploitation. It is not currently listed on the CISA KEV catalog.
Organizations using XWiki for internal documentation, collaboration, or knowledge management are at risk. Specifically, deployments with user profiles enabled for editing are particularly vulnerable, as attackers can directly modify user profiles to inject malicious code. Shared hosting environments where multiple users have access to XWiki instances also face increased risk.
• java: Monitor XWiki logs for attempts to set document syntax to xdom+xml/current.
  grep 'syntax=xdom+xml/current' /path/to/xwiki/logs/xwiki.log
• generic web: Check for suspicious HTML tags or JavaScript code in XWiki document content using a WAF or manual inspection.
• generic web: Monitor access logs for requests containing unusual HTML or JavaScript patterns.
• generic web: Review XWiki document templates for potential vulnerabilities related to raw HTML insertion.
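The log check above is a literal grep, which misses the same syntax identifier when a request logs it percent-encoded (xdom%2Bxml%2Fcurrent). The following added example, not part of this advisory or of XWiki, decodes the value before comparing it and reports the user and document for each hit; the key=value log layout and the /bin/save/ path are assumptions used for the constructed sample lines.

```python
import re
from urllib.parse import unquote

# Syntax identifier named in the advisory: a document set to it can carry raw
# HTML/JavaScript blocks, so any save that selects it is worth an alert.
DANGEROUS_SYNTAX = "xdom+xml/current"

# "syntax=<value>" (or a longer parameter name starting with "syntax") in a
# request line or application log message; the value may be percent-encoded.
SYNTAX_PARAM = re.compile(r"(?i)\bsyntax\w*=([^&\s\"']+)")
USER_FIELD = re.compile(r"\buser=(\S+)")
SAVE_PATH = re.compile(r"\s(/\S*?/bin/save/[^\s?]+)")


def find_syntax_downgrades(log_lines):
    """Return one record per log line that sets a document's syntax to
    xdom+xml/current. Percent-encoded values (xdom%2Bxml%2Fcurrent) are
    decoded first, which a literal grep for the plain string would miss."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for match in SYNTAX_PARAM.finditer(line):
            # unquote (not unquote_plus): a literal '+' here is part of the
            # syntax id, not an encoded space.
            value = unquote(match.group(1)).lower()
            if value != DANGEROUS_SYNTAX:
                continue
            user = USER_FIELD.search(line)
            path = SAVE_PATH.search(line)
            hits.append({
                "line": number,
                "user": user.group(1) if user else None,
                "document": path.group(1) if path else None,
            })
            break  # one record per line
    return hits


# Constructed sample lines in an assumed "key=value" log layout; the real
# format depends on how the XWiki instance and its front-end log requests.
SAMPLE_LOG = [
    "2025-07-14 10:01:02 INFO user=alice POST /xwiki/bin/save/Main/WebHome syntax=xwiki/2.1",
    "2025-07-14 10:02:15 INFO user=mallory POST /xwiki/bin/save/XWiki/mallory syntax=xdom+xml/current",
    "2025-07-14 10:03:44 INFO user=mallory POST /xwiki/bin/save/XWiki/mallory?syntax=XDOM%2Bxml%2Fcurrent",
    "2025-07-14 10:04:10 INFO user=bob GET /xwiki/bin/view/Main/WebHome",
]

if __name__ == "__main__":
    for hit in find_syntax_downgrades(SAMPLE_LOG):
        print(f"line {hit['line']}: user {hit['user']} set {hit['document']} to {DANGEROUS_SYNTAX}")
```

On the sample, lines 2 and 3 are reported while the plain grep above would only catch line 2.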
disclosure
Exploit status
EPSS
1.35% (80th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade to XWiki version 14.10 or later, which contains the fix for this vulnerability. If upgrading immediately is not possible, consider restricting document editing permissions to trusted users only. While not a complete solution, this can limit the attack surface. Implement a Web Application Firewall (WAF) rule to block requests containing suspicious HTML tags or JavaScript code within document content. Monitor XWiki logs for unusual activity, particularly attempts to modify document syntax or insert raw HTML blocks. There are no specific Sigma or YARA rules available at this time, but general XSS detection rules should be applied.
Update the XWiki Rendering library to version 14.10 or higher. This version fixes the XSS vulnerability by removing the XHTML syntax's dependency on the insecure `xdom+xml/current` syntax. The update prevents the execution of arbitrary JavaScript code via malicious HTML content.
CVE-2025-53835 is a critical XSS vulnerability in XWiki's XHTML rendering syntax, allowing attackers to inject malicious scripts. It affects versions up to 9.9-rc-2.
Yes, if you are using XWiki versions 9.9-rc-2 or earlier, you are vulnerable to this XSS attack. Upgrade immediately.
Upgrade to XWiki version 14.10 or later to resolve this vulnerability. If immediate upgrade is not possible, restrict document editing permissions.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest it may be targeted soon.
Refer to the official XWiki security advisory for detailed information and mitigation steps: [https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)