PT-2025-29524 · Xwiki · Xwiki

René De Sain +1

Published: 2025-07-14 · Updated: 2025-07-29

CVE-2025-53836

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
XWiki versions 4.2-milestone-1 through 13.10.10
XWiki versions 14.4.0 through 14.4.6
XWiki versions 14.10.0 through 14.9.9
Description: XWiki Rendering is a system that converts textual input into different syntaxes. A flaw exists where the default macro content parser does not properly enforce restrictions when executing nested macros. This allows the execution of macros normally prohibited in restricted mode, specifically script macros. The cache and chart macros included with XWiki are affected by this issue.
Recommendations:
XWiki versions 4.2-milestone-1 through 13.10.10: upgrade to version 13.10.11 or later.
XWiki versions 14.4.0 through 14.4.6: upgrade to version 14.4.7 or later.
XWiki versions 14.10.0 through 14.9.9: upgrade to version 14.10 or later.
As a temporary measure, disable comments for untrusted users.
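To turn the version ranges above into an inventory check, here is an added defender-side example (not code from the advisory or from the XWiki project) that parses XWiki version strings, including milestone and rc qualifiers, and reports the fix version a given install should move to. It assumes XWiki's "MAJOR.MINOR[.PATCH][-milestone-N|-rc-N]" naming and encodes the ranges exactly as the advisory prints them.

```python
import re
from typing import Optional

# Affected ranges as printed in advisory PT-2025-29524: (first affected, fixed-in).
# A version is affected when first_affected <= version < fixed_in.
AFFECTED_RANGES = [
    ("4.2-milestone-1", "13.10.11"),
    ("14.4.0", "14.4.7"),
    # Printed as "14.10.0 through 14.9.9, upgrade to 14.10": the range is inverted
    # as written, so it is kept verbatim here and matches nothing.
    ("14.10.0", "14.10"),
]

# Pre-release qualifiers, in the order XWiki publishes them (assumption).
_QUALIFIER_RANK = {"milestone": 0, "rc": 1}


def parse_version(v: str) -> tuple:
    """Turn '4.2-milestone-1' or '14.10.3' into a sortable key.

    Numeric parts are padded to three components; a qualifier (milestone, rc)
    sorts before the final release carrying the same number.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(milestone|rc)-(\d+))?", v.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised XWiki version string: {v!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    if m.group(2) is None:
        return (*nums[:3], 1, 0, 0)  # final release
    return (*nums[:3], 0, _QUALIFIER_RANK[m.group(2).lower()], int(m.group(3)))


def fix_version_for(v: str) -> Optional[str]:
    """Return the version to upgrade to if v is in an affected range, else None."""
    key = parse_version(v)
    for first, fixed in AFFECTED_RANGES:
        if parse_version(first) <= key < parse_version(fixed):
            return fixed
    return None


def is_affected(v: str) -> bool:
    """True when the given XWiki version falls inside a range listed in the advisory."""
    return fix_version_for(v) is not None


if __name__ == "__main__":
    for installed in ("13.10.10", "13.10.11", "14.4.7-rc-1", "4.1"):
        print(installed, "->", fix_version_for(installed) or "not affected")
```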

Exploit

Fix

RCE

Incorrect Authorization

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-12739
CVE-2025-53836
GHSA-32MF-57H2-64X9

Affected Products

Xwiki