{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53836", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-09T14:14:52.532Z", "datePublished": "2025-07-14T23:08:34.071Z", "dateUpdated": "2025-07-15T19:49:20.208Z"}, "containers": {"cna": {"title": "XWiki Rendering is vulnerable to RCE attacks when processing nested macros", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-32mf-57h2-64x9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-32mf-57h2-64x9"}, {"name": "https://github.com/xwiki/xwiki-rendering/commit/c73fa3ccd4ac59057e48e5d4325f659e78e8f86d", "tags": ["x_refsource_MISC"], "url": "https://github.com/xwiki/xwiki-rendering/commit/c73fa3ccd4ac59057e48e5d4325f659e78e8f86d"}, {"name": "https://jira.xwiki.org/browse/XRENDERING-689", "tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XRENDERING-689"}, {"name": "https://jira.xwiki.org/browse/XWIKI-20375", "tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XWIKI-20375"}], "affected": [{"vendor": "xwiki", "product": "xwiki-rendering", "versions": [{"version": ">= 4.2-milestone-1, < 13.10.11", "status": "affected"}, {"version": ">= 14.0, < 14.4.7", "status": "affected"}, {"version": ">= 14.5, < 14.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-14T23:08:34.071Z"}, "descriptions": [{"lang": "en", "value": "XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricted attribute of the transformation context when executing nested macros. This allows executing macros that are normally forbidden in restricted mode, in particular script macros. The cache and chart macros that are bundled in XWiki use the vulnerable feature. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. To avoid the exploitation of this bug, comments can be disabled for untrusted users until an upgrade to a patched version has been performed. Note that users with edit rights will still be able to add comments via the object editor even if comments have been disabled."}], "source": {"advisory": "GHSA-32mf-57h2-64x9", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-32mf-57h2-64x9", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-15T13:24:52.433487Z", "id": "CVE-2025-53836", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-15T19:49:20.208Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53836", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-15T13:24:52.433487Z"}}}], "references": [{"url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-32mf-57h2-64x9", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-15T13:24:57.244Z"}}], "cna": {"title": "XWiki Rendering is vulnerable to RCE attacks when processing nested macros", "source": {"advisory": "GHSA-32mf-57h2-64x9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "xwiki", "product": "xwiki-rendering", "versions": [{"status": "affected", "version": ">= 4.2-milestone-1, < 13.10.11"}, {"status": "affected", "version": ">= 14.0, < 14.4.7"}, {"status": "affected", "version": ">= 14.5, < 14.10"}]}], "references": [{"url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-32mf-57h2-64x9", "name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-32mf-57h2-64x9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/xwiki/xwiki-rendering/commit/c73fa3ccd4ac59057e48e5d4325f659e78e8f86d", "name": "https://github.com/xwiki/xwiki-rendering/commit/c73fa3ccd4ac59057e48e5d4325f659e78e8f86d", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.xwiki.org/browse/XRENDERING-689", "name": "https://jira.xwiki.org/browse/XRENDERING-689", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.xwiki.org/browse/XWIKI-20375", "name": "https://jira.xwiki.org/browse/XWIKI-20375", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricted attribute of the transformation context when executing nested macros. This allows executing macros that are normally forbidden in restricted mode, in particular script macros. The cache and chart macros that are bundled in XWiki use the vulnerable feature. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. To avoid the exploitation of this bug, comments can be disabled for untrusted users until an upgrade to a patched version has been performed. Note that users with edit rights will still be able to add comments via the object editor even if comments have been disabled."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-14T23:08:34.071Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53836", "state": "PUBLISHED", "dateUpdated": "2025-07-15T19:49:20.208Z", "dateReserved": "2025-07-09T14:14:52.532Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-14T23:08:34.071Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E92E140-D0A7-4CBD-AD0A-96B49A0C5320", "versionEndExcluding": "13.10.11", "versionStartIncluding": "4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA3A5151-58FB-48CF-BFFB-5688608200C8", "versionEndExcluding": "14.4.7", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "569EE28C-5C86-467F-A153-DD4B9BF0053D", "versionEndExcluding": "14.10", "versionStartIncluding": "14.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:4.2:milestone1:*:*:*:*:*:*", "matchCriteriaId": "61814CC0-5C6A-469F-8436-F39577949E04", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:4.2:milestone2:*:*:*:*:*:*", "matchCriteriaId": "CFC3527D-024A-47A6-9684-C37B9CF3AC76", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:4.2:milestone3:*:*:*:*:*:*", "matchCriteriaId": "BC907C33-432E-4153-B1A2-9B8BF9167E1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "EFF3A761-5E8B-447D-94D8-04895755876C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricted attribute of the transformation context when executing nested macros. This allows executing macros that are normally forbidden in restricted mode, in particular script macros. The cache and chart macros that are bundled in XWiki use the vulnerable feature. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. To avoid the exploitation of this bug, comments can be disabled for untrusted users until an upgrade to a patched version has been performed. Note that users with edit rights will still be able to add comments via the object editor even if comments have been disabled."}, {"lang": "es", "value": "XWiki Rendering es un sistema de renderizado gen\u00e9rico que convierte la entrada textual en una sintaxis dada (sintaxis wiki, HTML, etc.) en otra sintaxis (XHTML, etc.). A partir de la versi\u00f3n 4.2-milestone-1 y anteriores a las versiones 13.10.11, 14.4.7 y 14.10, el analizador de contenido de macros predeterminado no conserva el atributo restringido del contexto de transformaci\u00f3n al ejecutar macros anidadas. Esto permite ejecutar macros que normalmente est\u00e1n prohibidas en modo restringido, en particular las macros de script. Las macros de cach\u00e9 y gr\u00e1ficos incluidas en XWiki utilizan esta funci\u00f3n vulnerable. Esto se ha corregido en XWiki 13.10.11, 14.4.7 y 14.10. Para evitar que se aproveche este fallo, se pueden desactivar los comentarios para usuarios no confiables hasta que se actualice a una versi\u00f3n corregida. Tenga en cuenta que los usuarios con permisos de edici\u00f3n podr\u00e1n a\u00f1adir comentarios a trav\u00e9s del editor de objetos, incluso si los comentarios se han desactivado."}], "id": "CVE-2025-53836", "lastModified": "2025-08-26T17:52:16.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-15T00:15:22.370", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/xwiki/xwiki-rendering/commit/c73fa3ccd4ac59057e48e5d4325f659e78e8f86d"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-32mf-57h2-64x9"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://jira.xwiki.org/browse/XRENDERING-689"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://jira.xwiki.org/browse/XWIKI-20375"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-32mf-57h2-64x9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"created": "2025-07-16T21:35:33.946170+00:00", "updated": "2025-07-16T21:35:33.946233+00:00", "vendors": ["xwiki", "xwiki$PRODUCT$xwiki-rendering"]}