Remote Code Execution Vulnerability in XWiki by Malicious Macro Execution
CVE-2025-49582
What is CVE-2025-49582?
XWiki, a versatile wiki platform, contains a vulnerability in the required rights analysis it performs on macros. When a page is edited, XWiki analyzes the content for macros that need elevated rights (script macros such as Groovy and Python require programming rights) so that a privileged editor can be warned before saving. Two gaps made this analysis incomplete: macro names were compared case-sensitively, so a script macro whose name is written in a different case, for example {{GROOVY}} instead of {{groovy}}, was not recognized, and the parameters of the content and context macros, which themselves carry wiki syntax, were not analyzed at all. An attacker who can edit a page can therefore place a Groovy or Python macro where the analysis does not look. Because XWiki executes script macros with the rights of the document's last author, the hidden script runs with programming rights as soon as a user holding those rights edits and saves the page, which compromises the whole XWiki instance. The issue is fixed in versions 16.4.7, 16.10.3, and 17.0.0, where the rights analyzers normalize macro name case and analyze the parameters of the content and context macros. Administrators should upgrade to one of those versions; until then, users with programming rights should inspect the raw wiki syntax of a page, including unusually cased macro names and macros nested inside content and context macros, before saving an edit made by someone else.
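The two analyzer gaps described above, made concrete in an added Python illustration that is not XWiki's code (XWiki's real analyzer is Java and far larger). A small parser builds a tree from {{macro}} markup; a deliberately flawed checker reproduces the described behaviour (exact-case name comparison, no inspection of content and context macro parameters), and a corrected checker shows the fix. The macro names groovy, python, content and context come from the advisory; the sample pages, the `note` parameter on the context macro, and the assumption that the renderer resolves macro names case-insensitively (which the description implies) are constructed for this example.

```python
"""Toy 'required rights' analyzer for XWiki-style {{macro}} markup.

Illustration only, not XWiki's own analyzer: it contrasts the flawed
behaviour the advisory describes with a corrected version.
"""
import re
from dataclasses import dataclass

# Macro names taken from the advisory. Script macros need programming rights;
# content/context macros render their body (and, assumed here, their
# parameter values) as wiki syntax, so a script macro can hide inside them.
DANGEROUS = {"groovy", "python"}
WIKI_CONTENT_MACROS = {"content", "context"}

# {{name p="v"}} ... {{/name}}   or self-closing   {{name p="v"/}}
TOKEN_RE = re.compile(r'\{\{(/?)([A-Za-z][\w-]*)((?:\s+[\w-]+="[^"]*")*)\s*(/?)\}\}')
PARAM_RE = re.compile(r'([\w-]+)="([^"]*)"')


@dataclass
class Macro:
    name: str          # as written in the source, case preserved
    params: dict
    body: str
    children: list


def parse(text: str) -> list:
    """Build a macro tree. Closing tags are matched case-insensitively,
    mirroring the assumption that the renderer ignores name case."""
    roots, stack = [], []           # stack holds (open node, body start offset)
    for m in TOKEN_RE.finditer(text):
        closing, name, raw_params, self_closing = m.groups()
        if closing:
            if stack and stack[-1][0].name.lower() == name.lower():
                node, start = stack.pop()
                node.body = text[start:m.start()]
            continue
        node = Macro(name, dict(PARAM_RE.findall(raw_params)), "", [])
        (stack[-1][0].children if stack else roots).append(node)
        if not self_closing:
            stack.append((node, m.end()))
    return roots


def naive_analyzer(text: str) -> list:
    """Reproduces the flaw: exact-case name comparison, top-level macros only,
    parameter values never inspected."""
    return [n.name for n in parse(text) if n.name in DANGEROUS]


def hardened_analyzer(text: str) -> list:
    """Corrected: normalise case, and descend into the body and the
    parameter values of macros that render wiki syntax."""
    found = []

    def visit(nodes, path):
        for n in nodes:
            name = n.name.lower()
            here = path + [name]
            if name in DANGEROUS:
                found.append("/".join(here))
            if name in WIKI_CONTENT_MACROS:
                visit(n.children, here)                   # macro body
                for pname, pval in n.params.items():      # macro parameters
                    visit(parse(pval), here + ["@" + pname])

    visit(parse(text), [])
    return found


# Constructed sample pages; "note" is a hypothetical parameter name.
SAMPLES = {
    "plain":     '{{groovy}}println "hi"{{/groovy}}',
    "uppercase": '{{GROOVY}}println "hi"{{/GROOVY}}',
    "nested":    '{{content syntax="xwiki/2.1"}}{{python}}print(1){{/python}}{{/content}}',
    "in_param":  '{{context document="Main.WebHome" note="{{groovy}}x{{/groovy}}"}}text{{/context}}',
}


def compare() -> dict:
    """Return {sample: (naive result, hardened result)} for every sample."""
    return {k: (naive_analyzer(v), hardened_analyzer(v)) for k, v in SAMPLES.items()}


if __name__ == "__main__":
    for sample, (naive, hardened) in compare().items():
        print(f"{sample:10} naive={naive!r:28} hardened={hardened!r}")
```

Only the plain lowercase sample is flagged by the naive checker; the uppercase, nested and parameter-carried script macros pass it unnoticed and are caught only by the hardened one. The path strings returned by the hardened checker show where the script macro was found, which is the detail an editor needs when reviewing a page.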
Affected Version(s)
Package          Affected versions            Unaffected versions   Patched in
xwiki-platform   >= 15.9-rc-1, < 16.4.7       < 15.9-rc-1           16.4.7
xwiki-platform   >= 16.5.0-rc-1, < 16.10.3    < 16.5.0-rc-1         16.10.3
xwiki-platform   >= 17.0.0-rc-1, < 17.0.0     < 17.0.0-rc-1         17.0.0