How to fix CVE-2025-65036?

Within 24 hours: Inventory all XWiki instances and identify which are running Remote Macros plugin with version < 1.27.1; disable the Remote Macros plugin immediately if not critical to operations. Within 7 days: Upgrade to Remote Macros 1.27.1 or later on all affected systems; conduct log review for signs of exploitation (unusual Velocity macro execution patterns, unexpected code execution). Within 30 days: Perform comprehensive security assessment of affected systems for lateral movement or data exfiltration; implement network segmentation to restrict XWiki plugin access.

Is Pro Macros affected by CVE-2025-65036?

XWiki Remote Macros versions prior to 1.27.1 contain a critical vulnerability that allows unauthenticated attackers to execute arbitrary code on affected systems by exploiting insufficient permission checks in the Velocity macro rendering engine.

CVE-2025-65036

Q: Is Pro Macros affected by CVE-2025-65036?

XWiki Remote Macros versions prior to 1.27.1 contain a critical vulnerability that allows unauthenticated attackers to execute arbitrary code on affected systems by exploiting insufficient permission checks in the Velocity macro rendering engine.

EUVD-2025-201417 HIGH

2025-12-05 [email protected]

8.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201417

CVE Published

Dec 05, 2025 - 17:16 nvd

HIGH 8.3

Description

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1.

Analysis

Technical Context

Remote code execution allows an attacker to run arbitrary commands or code on the target system over a network without prior authentication. This vulnerability is classified as Missing Authorization (CWE-862).

Affected Products

Affected products: Xwiki Pro Macros

Remediation

Apply vendor patches immediately. Restrict network access to vulnerable services. Implement network segmentation and monitoring for anomalous activity.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.7

CVSS: +42

POC: 0

CVE-2025-65036 vulnerability details – vuln.today

Back

CVE-2025-65036

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-65036

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code