CVE-2025-65036 | THREATINT

Description

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1.

PUBLISHED Reserved 2025-11-13 | Published 2025-12-05 | Updated 2025-12-05 | Assigner GitHub_M

HIGH: 8.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Problem types

CWE-862: Missing Authorization

Product status

< 1.27.1

affected

References

github.com/...macros/security/advisories/GHSA-472x-fwh9-r82f

cve.org (CVE-2025-65036)

nvd.nist.gov (CVE-2025-65036)