What is the CVSS score of CVE-2025-65036?

CVE-2025-65036 has a CVSS 3.1 base score of 8.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L. EPSS exploitation probability: 0.7%.

Which versions of Pro Macros are affected by CVE-2025-65036?

XWiki Remote Macros versions before 1.27.1 contain a critical remote code execution vulnerability where Velocity templates execute without permission validation, allowing attackers to gain arbitrary…. A patch is available.

How to fix or mitigate CVE-2025-65036?

Within 24 hours: identify all XWiki instances running Remote Macros and determine current version numbers. Within 7 days: upgrade all instances to Remote Macros version 1.27.1 or later and validate the upgrade in a staging environment first. Within 30 days: audit access logs for any suspicious macro execution activity and review permission configurations on all affected XWiki instances.

Pro Macros CVE-2025-65036

EUVD-2025-201417 HIGH

Missing Authorization (CWE-862)

2025-12-05 security-advisories@github.com

Authentication Bypass RCE Atlassian Pro Macros

8.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:23 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

1.27.1

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201417

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

CVE Published

Dec 05, 2025 - 17:16 nvd

HIGH 8.3

DescriptionNVD

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1.

Analysis

Technical ContextAI

Remote code execution allows an attacker to run arbitrary commands or code on the target system over a network without prior authentication. This vulnerability is classified as Missing Authorization (CWE-862).

RemediationAI

Apply vendor patches immediately. Restrict network access to vulnerable services. Implement network segmentation and monitoring for anomalous activity.