CVE-2025-65089

XWiki view file macro: User can view content of office file without view rights on the attachment

Description

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0.

INFO

Published Date :

2025-11-19T17:41:31.805Z

Last Modified :

2025-11-19T18:46:46.790Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-65089 vulnerability.

Vendors	Products
Xwiki	Pro Macros
Xwikisas	Xwiki-pro-macros

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65089.

URL	Resource
https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-8c52-x9w7-vc95

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact