Pro Macros
CVE-2025-55728
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes parameter in the panel macro allows remote code execution for any user who can edit any page The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 contains a patch for the issue.
AnalysisAI
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-95. XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes parameter in the panel macro allows remote code execution for any user who can edit any page The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 contains a patch for the issue. Affected products include: Xwiki Pro Macros. Version information: version 1.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Pro Macros
View allPro Macros provides XWiki rendering macros. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.2
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Rated medium
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Rated critic
Same weakness CWE-95 – Eval Injection
View allShare
External POC / Exploit Code
Leaving vuln.today