PT-2025-36929 · Xwiki · Xwiki Remote Macros

Michael Hamann · Published 2025-09-09 · Updated 2025-09-10 · CVE-2025-55729

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: XWiki Remote Macros versions 1.0 through 1.26.5
Description: XWiki Remote Macros provides XWiki rendering macros used for migrating content from Confluence. A missing escaping mechanism in the ac:type parameter within the ConfluenceLayoutSection macro allows for remote code execution. The classes parameter is used without proper escaping in XWiki syntax, enabling XWiki syntax injection, which also leads to remote code execution.
Recommendations: Update to version 1.26.5 or later.

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

CVE-2025-55729
GHSA-22XJ-JPJG-GPGW

Affected Products

Xwiki Remote Macros