CVE-2025-65036 · HIGH 8.3 · EPSS p25.1%

Description

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1.

Scoring

CVSS 3.1: 8.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS: 0.33% probability of exploitation · percentile 25.1% · 2026-06-19T12:03:05Z
Published: 2025-12-05
Last modified: 2026-02-20

Underlying weaknesses · 1

CWE-862

References

  1. https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-472x-fwh9-r82f

Type | Target | Confidence | Tier
Weakness | Missing Authorization (cwe-862) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-55730
  2. CVE-2025-55729
  3. CVE-2025-55727
  4. CVE-2025-55728
  5. CVE-2025-53836
  6. CVE-2025-49582

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.