CNNVD-202512-608 Information

CNNVD ID

CNNVD-202512-608

Related CVE

CVE-2025-65036

• CNNVD Published: 2025-12-05

Description (Chinese)

xwiki-pro-macros是XWiki SAS开源的一个工具。可以增强 XWiki 的功能。 xwiki-pro-macros 1.27.1之前版本存在安全漏洞，该漏洞源于未检查权限执行Velocity，可能导致远程代码执行。

Description (English)

xwiki-pro-macros is an open source tool for XWiki SAS. The function of XWiki can be enhanced. There was a security loophole in the version before xwiki-pro-macros 1.271, which stemmed from the failure to check permission to implement Velocity, which could lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

XWiki SAS

Published

2025-12-05

Last Modified

2026-02-24

References

https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-472x-fwh9-r82f https://access.redhat.com/security/cve/cve-2025-65036

Patch

https://github.com/xwikisas/xwiki-pro-macros/tags