CNNVD-202511-2170 Information

CNNVD ID

CNNVD-202511-2170

Related CVE

CVE-2025-65089

• CNNVD Published: 2025-11-19

Description (Chinese)

Pro Macros是XWiki SAS开源的一个XWiki增强插件。 Pro Macros 1.27.0之前版本存在安全漏洞，该漏洞源于无查看权限的用户可能通过view file宏查看办公附件内容。

Description (English)

Pro Macros is an XWiki enhancement plugin for XWiki SAS open source. Pre-Pro Macros 1.2.7.0 version contains a security loophole, which stems from the possibility that users without access may view office attachments through a view file macro.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

XWiki SAS

Published

2025-11-19

Last Modified

2026-02-24

References

https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-8c52-x9w7-vc95 https://access.redhat.com/security/cve/cve-2025-65089

Patch

https://github.com/xwikisas/xwiki-pro-macros