PT-2025-10097 · Xwiki · Xwiki Confluence Migrator Pro

Trrenty · Published 2025-03-07 · Updated 2025-03-08 · CVE-2025-27603

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

XWiki Confluence Migrator Pro versions prior to 1.2.0

Description

A user without programming rights can execute arbitrary code due to an unescaped translation when creating a page using the Migration Page template. This issue allows for the execution of arbitrary code, potentially leading to security breaches. The estimated number of affected devices and the number of real-world incidents are not specified.

Recommendations

For versions prior to 1.2.0, update to version 1.2.0 to fix the issue. As a temporary workaround, consider restricting access to the Migration Page template until the update is applied. Additionally, avoid using the XWiki.TranslationDocumentClass object with scope USER in the object editor to minimize the risk of exploitation.

Exploit

Fix

Eval Injection

Weakness Enumeration

Related Identifiers

BDU:2025-10719
CVE-2025-27603
GHSA-6QVP-39MM-95V8

Affected Products

Xwiki Confluence Migrator Pro