Platform: java
Component: org.xwiki.platform:xwiki-platform-rendering-wikimacro-store
Fixed versions: 11.10.12, 12.6.4, 12.8.1, 16.5.1, 17.0.1
CVE-2025-49581 is a Remote Code Execution (RCE) vulnerability discovered in the XWiki Platform Rendering WikiMacro Store component. This flaw allows authenticated users with edit rights on a page to execute arbitrary code, potentially granting them complete control over the XWiki installation. The vulnerability impacts versions prior to 16.4.7, 16.10.3, and 17.0.0, and a fix has been released.
The impact of CVE-2025-49581 is severe. An attacker can exploit this vulnerability by crafting a malicious wiki macro parameter that, when defined and used on a page with programming rights, executes arbitrary code. This code execution occurs with the privileges of the page author, effectively granting the attacker the same level of access. This could involve gaining access to sensitive data stored within XWiki, modifying system configurations, installing malware, or even pivoting to other systems on the network. The ability to execute code within the XWiki environment represents a significant compromise of the platform's confidentiality, integrity, and availability. Because the vulnerability only requires edit rights, even standard users could exploit it if they are able to modify pages with programming permissions.
CVE-2025-49581 was publicly disclosed on 2025-06-13. There is currently no indication of active exploitation in the wild, but the availability of a public description and the ease of exploitation make it a potential target. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code is expected to emerge given the vulnerability's nature and the public disclosure.
Organizations using XWiki Platform, particularly those with multiple users who have edit rights on pages with programming permissions, are at risk. Shared hosting environments where multiple users share access to the same XWiki instance are especially vulnerable, as a compromised user could potentially exploit this vulnerability to gain access to other users' data or the entire hosting environment. Legacy XWiki installations that have not been regularly updated are also at increased risk.
• java / server: Monitor XWiki logs for unusual wiki macro execution patterns, particularly those involving Groovy, Python, or Velocity code. Look for errors related to macro parameter parsing or execution.
journalctl -u xwiki -f | grep -i "wiki macro execution"
• java / server: Use a security scanner to identify pages with programming rights and examine their wiki macro configurations for suspicious parameters.
• generic web: Attempt to define a wiki macro parameter with potentially malicious code (e.g., System.out.println("Exploit")) and observe the XWiki response for signs of code execution.
• generic web: Review XWiki access and error logs for any unusual activity related to wiki macro usage or parameter manipulation.
disclosure
Exploitation status
EPSS
1.62% (82nd percentile)
CISA SSVC
The primary mitigation for CVE-2025-49581 is to upgrade to a patched version of XWiki Platform: 16.4.7, 16.10.3, or 17.0.0. If immediate upgrading is not possible, consider implementing stricter validation of wiki macro parameters to prevent the injection of malicious code. This could involve whitelisting allowed characters or implementing input sanitization techniques. As a temporary workaround, restrict programming rights on pages where possible. Monitor XWiki logs for suspicious activity, particularly related to wiki macro execution. Consider implementing a Web Application Firewall (WAF) with rules to detect and block attempts to exploit this vulnerability, focusing on patterns indicative of code injection within wiki macro parameters.
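As an added example, not code from the advisory or from the XWiki project, the following Python script applies the detection guidance from the bullets above and the parameter-validation advice from this paragraph to constructed log lines: parameter_risk flags a wiki macro parameter value that carries Groovy, Python or Velocity macro syntax or characters outside a simple allow-list (the same check can run as validation before a value is stored), and scan_log_lines also surfaces macro execution errors. The log line format, field names, allow-list and sample entries are all assumptions made for illustration, not XWiki's real log format.

```python
import re
from collections import namedtuple

# Script macros named in the advisory's detection guidance; their syntax inside a
# wiki macro *parameter* (not the page body) is the signal to look for.
SCRIPT_MACRO_RE = re.compile(r"\{\{\s*(groovy|python|velocity)\b", re.IGNORECASE)
# Assumed allow-list for a plain-text parameter (illustrative policy, not an XWiki setting).
ALLOWED_PARAM_RE = re.compile(r"^[\w\s.,:/\-]*$")
# Assumed log line shape, constructed for this example rather than XWiki's real format:
#   <timestamp> <LEVEL> [<user>] macro=<name> page=<ref> param=<key> value=<text>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<level>\w+) \[(?P<user>[^\]]+)\] macro=(?P<macro>\S+) "
    r"page=(?P<page>\S+) param=(?P<param>\S+) value=(?P<value>.*)$"
)

Finding = namedtuple("Finding", "ts user page macro param reason")

def parameter_risk(value):
    """Return None when a parameter value is plain text, else a short reason.
    The same check can run as validation before a parameter value is stored."""
    m = SCRIPT_MACRO_RE.search(value)
    if m:
        return "script macro {{" + m.group(1).lower() + "}} in parameter"
    if not ALLOWED_PARAM_RE.match(value):
        return "characters outside parameter allow-list"
    return None

def scan_log_lines(lines):
    """Flag entries whose parameter value is risky or whose macro raised an error."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a macro-parameter log line
        reason = parameter_risk(m["value"])
        if reason is None and m["level"].upper() == "ERROR":
            reason = "macro parameter error"  # the advisory says to watch parse/exec errors
        if reason:
            findings.append(Finding(m["ts"], m["user"], m["page"], m["macro"], m["param"], reason))
    return findings

# Constructed sample log lines: benign text, a script macro inside a parameter,
# an execution error, and a parameter carrying markup outside the allow-list.
SAMPLE_LOG = [
    "2025-06-14T10:01:02Z INFO [alice] macro=mymacro page=Main.WebHome param=title value=Release notes",
    "2025-06-14T10:03:15Z INFO [bob] macro=mymacro page=Sandbox.Test param=title value={{groovy}}println 1{{/groovy}}",
    "2025-06-14T10:03:16Z ERROR [bob] macro=mymacro page=Sandbox.Test param=title value=",
    "2025-06-14T10:05:00Z INFO [carol] macro=mymacro page=Main.Docs param=title value=Q3 & Q4 <b>plan</b>",
]
```

Running scan_log_lines(SAMPLE_LOG) returns three findings (bob's script macro, bob's error, carol's markup) and nothing for alice's plain-text parameter.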
Upgrade XWiki to version 16.4.7, 16.10.3 or 17.0.0, or to a later version. These versions contain the security fix for the remote code execution vulnerability. Upgrading mitigates the risk of malicious users executing arbitrary code on your XWiki installation.
CVE-2025-49581 is a Remote Code Execution vulnerability in the XWiki Platform Rendering WikiMacro Store component, allowing authenticated users with edit rights to execute arbitrary code.
You are affected if you are using XWiki Platform versions prior to 16.4.7, 16.10.3, or 17.0.0 and have users with edit rights on pages with programming permissions.
Upgrade to a patched version of XWiki Platform: 16.4.7, 16.10.3, or 17.0.0. As a temporary workaround, restrict programming rights on pages.
There is currently no indication of active exploitation in the wild, but the vulnerability's nature makes it a potential target.
Refer to the official XWiki security advisory for detailed information and mitigation steps: [https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)