XWiki Rendering Vulnerability in XWiki Product
CVE-2025-53836

Currently unrated

Key Information:

Vendor: XWiki

CVE Published: 15 July 2025

What is CVE-2025-53836?

A flaw in the default macro content parser of the XWiki Rendering component allows macros to be executed that restricted mode is meant to block. In certain versions of XWiki, this flaw makes it possible to run prohibited macros, notably script macros, which can lead to script execution. The risk is particularly concerning when untrusted users are involved, as they could gain access to functionality that should be restricted. Until the system is upgraded to a patched version (13.10.11, 14.4.7, or 14.10), users are advised to disable comment functionality for untrusted users.
