Platform
java
Component
org.xwiki.rendering:xwiki-rendering-transformation-macro
Fixed versions
13.10.11 (13.x line), 14.4.7 (14.0 to 14.4 line), 14.10 (14.5 and later line). The version data on this page also lists 4.2.1, 14.0.1 and 14.5.1; those are the starting points of the affected ranges, not fixed releases.
CVE-2025-53836 is a critical Remote Code Execution (RCE) vulnerability in the XWiki Rendering Transformation Macro module (org.xwiki.rendering:xwiki-rendering-transformation-macro). The flaw lets content that is supposed to be rendered in restricted mode execute macros that restricted mode is meant to forbid, including script macros, which can give an attacker code execution in the server JVM and effectively full control of the XWiki instance. Affected are XWiki versions from 4.2.1 up to but not including 13.10.11, the 14.0 to 14.4 line before 14.4.7, and the 14.5 to 14.9 line before 14.10. Fixes are available in 13.10.11, 14.4.7 and 14.10.
The root cause is in the macro content parser: when it executes the content of a nested macro, it builds a new transformation context without carrying over the 'restricted' attribute of the outer context. Anything rendered inside that nested context therefore runs as if it were trusted, so macros that are normally blocked in restricted mode, in particular script macros, are executed. Of the macros bundled with XWiki, the Cache and Chart macros are affected because they re-render their content through this path. XWiki renders comments in restricted mode precisely because any user who may comment is untrusted, so an attacker who can post a comment can wrap a script macro inside a cache or chart macro and have it executed. The result can be data theft, takeover of the XWiki host, and lateral movement into systems XWiki is integrated with (LDAP or SSO back ends, databases, connected services).
CVE-2025-53836 was publicly disclosed on 2025-07-14. Its CVSS score of 9.9 (CRITICAL) reflects severity and impact, not the likelihood of exploitation; the EPSS estimate below is the probability figure. No public proof-of-concept (PoC) had been released at the time of writing, but the attack only requires the ability to post a comment and the payload is plain wiki syntax, so it is a realistic target for attackers. The CVE is not currently listed in the CISA KEV catalog.
Organizations that rely on XWiki for content management, collaboration, or knowledge sharing are particularly exposed, especially where XWiki holds sensitive data or is run by teams with limited security resources. Multi-tenant or shared instances are at increased risk: any account that is allowed to comment can attempt the attack, so compromise of one low-privilege user's account can turn into compromise of the whole server.
• java / server: Check which version of the affected artifact is deployed, and monitor XWiki logs for macro execution errors or script activity originating from comments, particularly script macros nested inside cache or chart macros.
ls $XWIKI_HOME/WEB-INF/lib/xwiki-rendering-transformation-macro-*.jar
journalctl -u xwiki -f | grep -iE "macro|groovy|velocity"
• generic web: Examine XWiki access logs for comment submissions (the comment form posts to the commentadd action of the page) and review the stored comments for {{cache}} or {{chart}} macros that wrap a script macro such as {{groovy}} or {{velocity}}.
grep -E '/bin/commentadd/' /var/log/xwiki/access.log
• wordpress / composer / npm, database (mysql, redis, mongodb, postgresql), windows / supply-chain: not applicable. XWiki is a Java web application and the flaw is in its rendering engine, not in the database or in a client-side package ecosystem.
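The review of stored comments suggested above can be automated. The following is an added example, not code from XWiki or from this advisory: it tokenises XWiki 2.x macro syntax with a small stack-based walker and reports every script macro that sits inside an open cache or chart macro, the exact shape of content this bug lets through restricted mode. The list of script macro names, the sample comments and the helper names are assumptions made for the example; verbatim blocks are stripped first because their contents are never interpreted as macros.

```python
import re
from typing import Dict, List, Tuple

# Added example, not XWiki project code. It scans XWiki 2.x-syntax text (for example the
# body of a stored comment) for a script macro nested inside one of the macros the advisory
# names (cache, chart).

# Script macros blocked in restricted mode (assumption: representative list, extend as needed)
SCRIPT_MACROS = {"groovy", "velocity", "python", "php", "ruby", "script"}
# Macros the advisory says re-render their content without the restricted flag
CARRIER_MACROS = {"cache", "chart"}

# Verbatim blocks {{{ ... }}} are literal text, never macros; drop them before tokenising
_VERBATIM_RE = re.compile(r"\{\{\{.*?\}\}\}", re.S)
# Matches {{name params}}, {{/name}} and the self-closing form {{name params/}}
_MACRO_RE = re.compile(
    r"\{\{(?P<close>/)?(?P<name>[A-Za-z_][\w.-]*)(?P<params>[^{}]*?)(?P<self>/)?\}\}"
)


def find_nested_script_macros(wiki_text: str) -> List[Tuple[str, str]]:
    """Return (carrier_macro, script_macro) pairs for every script macro that appears
    while a cache or chart macro is still open. Nesting is tracked with a plain stack."""
    text = _VERBATIM_RE.sub("", wiki_text)
    stack: List[str] = []
    hits: List[Tuple[str, str]] = []
    for m in _MACRO_RE.finditer(text):
        name = m.group("name").lower()
        if m.group("close"):
            # Pop back to the matching open tag; tolerate sloppy or unbalanced nesting
            if name in stack:
                while stack and stack.pop() != name:
                    pass
            continue
        if name in SCRIPT_MACROS:
            carriers = [s for s in stack if s in CARRIER_MACROS]
            if carriers:
                hits.append((carriers[-1], name))
        if not m.group("self"):
            stack.append(name)
    return hits


# Constructed sample comments (page, author, wiki text); not real data
SAMPLE_COMMENTS = [
    ("Main.WebHome", "alice", "Thanks, looks good! {{info}}Reviewed{{/info}}"),
    ("Main.WebHome", "mallory", "{{cache}}{{groovy}}println 'hi'{{/groovy}}{{/cache}}"),
    ("Sandbox.Test", "bob", "{{{ {{cache}}{{groovy}}not executed{{/groovy}}{{/cache}} }}}"),
    ("Sandbox.Test", "mallory", "{{chart type='pie'}}{{velocity}}$services{{/velocity}}{{/chart}}"),
]


def scan_comments(comments) -> List[Dict[str, str]]:
    """Run the nested-macro check over (page, author, text) triples."""
    findings: List[Dict[str, str]] = []
    for page, author, text in comments:
        for carrier, script in find_nested_script_macros(text):
            findings.append({"page": page, "author": author, "carrier": carrier, "script": script})
    return findings


if __name__ == "__main__":
    for f in scan_comments(SAMPLE_COMMENTS):
        print("%s: comment by %s nests {{%s}} inside {{%s}}"
              % (f["page"], f["author"], f["script"], f["carrier"]))
```

Feed it the comment bodies pulled from your XWiki database or a XAR export; a hit is worth treating as an exploitation attempt, not just a misconfiguration, since there is no legitimate reason for a comment to carry a script macro.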
disclosure
Exploit status
EPSS
1.71% (82nd percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade immediately to the fixed release for your branch: 13.10.11 for 13.x, 14.4.7 for 14.0 to 14.4, or 14.10 (or later) for 14.5 and newer. If upgrading is not immediately feasible, apply the workaround from the XWiki advisory: disable comments for untrusted users until the upgrade is done, keeping in mind that users with edit rights can still add comment objects through the object editor. Independently of this bug, review who holds script and programming rights and enforce least privilege in the XWiki rights configuration. A WAF or reverse-proxy rule cannot fix the parser, but it can flag or block comment submissions whose body contains a cache or chart macro wrapping a script macro; treat such a rule as detection rather than protection, since wiki syntax can be encoded in ways a simple pattern misses. Monitor XWiki logs for unusual macro activity and consider a Sigma or YARA rule for the nested-macro pattern.
Update XWiki Rendering to version 13.10.11, 14.4.7, or 14.10, or a later release. As a temporary workaround, disable comments for untrusted users until the upgrade has been performed. Note that users with edit rights can still add comments through the object editor.
CVE-2025-53836 is a critical Remote Code Execution vulnerability in the XWiki Rendering Transformation Macro, allowing attackers to bypass restrictions and execute unauthorized macros.
You are affected if you run XWiki 4.2.1 or later and have not yet reached the fixed release for your branch: 13.10.11 for 13.x and earlier, 14.4.7 for the 14.0 to 14.4 line, or 14.10 for 14.5 and later. Upgrade to those versions or later to remove the risk.
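Because the affected ranges span three release lines, a version comparison is easy to get wrong by hand. The following is an added example, not XWiki project code: it parses XWiki-style version strings (including rc and milestone pre-releases), picks the fixed release for the branch a version belongs to, and decides whether a deployed version, or the version embedded in the jar file name, is still vulnerable. The fix boundaries are the ones stated in the advisory on this page; treating anything older than 4.2.1 as unaffected follows this page's version data, and the pre-release ordering is an assumption.

```python
import re
from typing import Optional, Tuple

# Added example, not XWiki project code: decide whether a deployed XWiki (or the
# xwiki-rendering-transformation-macro jar) falls in an affected range for this CVE.
# Fix boundaries come from the advisory on this page (13.10.11, 14.4.7, 14.10); treating
# releases before 4.2.1 as unaffected follows this page's version data.

FIRST_AFFECTED = "4.2.1"
_QUALIFIER_RANK = {"milestone": 0, "rc": 1}   # pre-releases sort below the final release (assumption)
_FINAL = 2
_JAR_RE = re.compile(r"xwiki-rendering-transformation-macro-(.+?)\.jar$")


def parse_version(v: str) -> Tuple[Tuple[int, int, int], int, int]:
    """Turn '14.10', '14.10-rc-1' or '13.10.11' into a tuple that compares correctly."""
    head, _, tail = v.strip().lower().partition("-")
    parts = [int(p) for p in head.split(".")]
    while len(parts) < 3:              # so that 14.10 == 14.10.0
        parts.append(0)
    nums = (parts[0], parts[1], parts[2])
    if not tail:
        return (nums, _FINAL, 0)
    m = re.fullmatch(r"(milestone|rc)-?(\d+)", tail)
    if m is None:
        raise ValueError(f"unrecognised qualifier in version {v!r}")
    return (nums, _QUALIFIER_RANK[m.group(1)], int(m.group(2)))


def fixed_version_for(version: str) -> str:
    """First release carrying the fix on the branch this version belongs to."""
    major, minor, _ = parse_version(version)[0]
    if major < 14:
        return "13.10.11"
    if major == 14 and minor < 5:
        return "14.4.7"
    return "14.10"


def is_vulnerable(version: str) -> bool:
    pv = parse_version(version)
    if pv < parse_version(FIRST_AFFECTED):
        return False
    return pv < parse_version(fixed_version_for(version))


def version_from_jar_name(jar_name: str) -> Optional[str]:
    """Pull the version out of e.g. 'xwiki-rendering-transformation-macro-14.4.6.jar'."""
    m = _JAR_RE.search(jar_name)
    return m.group(1) if m else None


if __name__ == "__main__":
    # Constructed jar names standing in for the output of ls WEB-INF/lib/...
    for jar in ("xwiki-rendering-transformation-macro-13.10.10.jar",
                "xwiki-rendering-transformation-macro-14.10-rc-1.jar",
                "xwiki-rendering-transformation-macro-14.10.jar"):
        v = version_from_jar_name(jar)
        state = "VULNERABLE" if is_vulnerable(v) else "not affected"
        print(f"{jar}: {state} (fix for this branch: {fixed_version_for(v)})")
```

Point version_from_jar_name at the real file name under WEB-INF/lib; the jar's version is the authoritative value for this component even when the XWiki platform version has been upgraded separately.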
Upgrade to XWiki 13.10.11, 14.4.7 or 14.10 (or later), depending on your branch. As a temporary workaround, disable comments for untrusted users, noting that users with edit rights can still add comments through the object editor.
No public exploit is currently known, but the severity of the vulnerability and the low effort needed to exploit it (posting a comment containing crafted wiki syntax) make it a likely target for attackers.
Refer to the official XWiki security advisory for detailed information and updates: [https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)