XWiki Remote Macros Vulnerability in XWiki Rendering Macros by XWiki
CVE-2025-55730

10 CRITICAL

Key Information:

Vendor: Xwikisas
CVE Published: 9 September 2025

What is CVE-2025-55730?

The XWiki Remote Macros component, which provides rendering macros for XWiki and helps with content migration from Confluence, has a security flaw that permits remote code execution. The flaw is caused by inadequate escaping of the title parameter in the Confluence paste code macro and affects versions from 1.0 through 1.26.4. It is exploitable when users with edit permissions on pages use the affected macro, which allows XWiki syntax injection and subsequent execution of arbitrary code. The issue is fixed in version 1.26.5.

Affected Version(s)

xwiki-pro-macros >= 1.0, < 1.26.5

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
