XWiki Remote Macros Vulnerability in XWiki Rendering Macros by XWiki
CVE-2025-55730
What is CVE-2025-55730?
The XWiki Remote Macros component, used for rendering within XWiki and for migrating content from Confluence, is vulnerable to remote code execution. The flaw is insufficient escaping of the title parameter in the Confluence paste code macro, and it is present from version 1.0 through version 1.26.4. Attackers can exploit this issue when users with edit permissions on pages use the affected macro, which allows XWiki syntax injection and, through it, execution of arbitrary code. The issue is fixed in version 1.26.5.

Affected Version(s)
xwiki-pro-macros >= 1.0, < 1.26.5
