CVE-2025-65036

XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro

Description

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1.

INFO

Published Date :

2025-12-05T16:10:08.595Z

Last Modified :

2025-12-05T16:27:31.564Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-65036 vulnerability.

Vendors	Products
Xwiki	Pro Macros
Xwikisas	Xwiki-pro-macros

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65036.

URL	Resource
https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-472x-fwh9-r82f

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact