CNNVD-202509-1209 Information

Sep 09, 2025 cve

CNNVD ID

CNNVD-202509-1209

CVE-2025-55729

  • CNNVD Published: 2025-09-09

Description (Chinese)

xwiki-pro-macros是XWiki SAS开源的一个工具。可以增强 XWiki 的功能。 xwiki-pro-macros 1.26.5之前版本存在安全漏洞,该漏洞源于缺少对ac:type参数的转义,可能导致远程代码执行。

Description (English)

xwiki-pro-macros is an open source tool for XWiki SAS. The function of XWiki can be enhanced. Xwiki-pro-macros 1.26.5 contains a security loophole, which stems from a lack of transposition of ac:type parameters, which may lead to remote code execution.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

XWiki SAS

Published

2025-09-09

Last Modified

2026-02-24

References

https://github.com/xwikisas/xwiki-pro-macros/commit/06e6cf3893227527d0242a11e390642178d9df05 https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-22xj-jpjg-gpgw https://github.com/xwikisas/xwiki-pro-macros/blob/93ac1a38c829e3ef787379b2b45eb043a573e5f7/xwiki-pro-macros-confluence-bridges/xwiki-pro-macros-confluence-bridges-ui/src/main/resources/Confluence/Macros/ConfluenceLayoutSection.xml#L518 https://jira.xwiki.org/browse/XWIKI-20449 https://access.redhat.com/security/cve/cve-2025-55729

Patch

https://github.com/xwikisas/xwiki-pro-macros/tags

Share on: