
CVE-2025-55727: CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwikisas xwiki-pro-macros

Critical
Type: Vulnerability | Tags: cve, cve-2025-55727, cwe-95
Published: Tue Sep 09 2025 (09/09/2025, 18:31:08 UTC)
Source: CVE Database V5
Vendor/Project: xwikisas
Product: xwiki-pro-macros

Description

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for any user who can edit any page or who can access the CKEditor converter. The width parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection, which enables remote code execution when the macro has been installed by a user with programming right, or at least allows executing Velocity code as the wiki admin. Version 1.26.5 contains a patch for the issue.

AI-Powered Analysis

Last updated: 09/09/2025, 18:40:42 UTC

Technical Analysis

CVE-2025-55727 is a critical remote code execution vulnerability affecting the xwiki-pro-macros component of the XWiki platform, specifically in versions from 1.0 up to but not including 1.26.5. The vulnerability arises due to improper neutralization of directives in dynamically evaluated code (CWE-95), commonly known as 'Eval Injection.' The root cause is the lack of escaping for the 'width' parameter in the column macro of the XWiki Remote Macros plugin, which is used for migrating content from Confluence. This parameter is processed without proper sanitization in XWiki syntax, allowing an attacker with edit permissions on any page or access to the CKEditor converter to inject malicious XWiki syntax. If the macro is installed by a user with programming rights, this injection can escalate to remote code execution on the server. Even without programming rights, an attacker can execute Velocity code with wiki admin privileges, leading to full compromise of the wiki instance. The vulnerability is exploitable remotely without authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The flaw affects the confidentiality, integrity, and availability of the system, as attackers can execute arbitrary code, potentially leading to data theft, defacement, or denial of service. The issue was patched in version 1.26.5 of xwiki-pro-macros, which properly escapes the 'width' parameter to prevent injection. No known exploits are reported in the wild yet, but the critical severity and ease of exploitation make this a high-risk vulnerability for affected deployments.

Potential Impact

For European organizations using XWiki with the vulnerable xwiki-pro-macros versions, this vulnerability poses a severe risk. Attackers can gain full control over the wiki platform, which often contains sensitive corporate documentation, internal communications, and project data. The ability to execute arbitrary code remotely without authentication means that attackers can compromise the confidentiality of sensitive information, alter or delete critical data, and disrupt business operations by causing service outages. This is particularly impactful for organizations relying on XWiki for knowledge management, compliance documentation, or collaborative workflows. Additionally, compromised wiki servers can be used as pivot points for lateral movement within corporate networks, increasing the risk of broader breaches. The vulnerability also threatens the integrity of information, which can have regulatory and reputational consequences under European data protection laws such as GDPR. Given the critical CVSS score of 10, the potential impact on European enterprises is substantial, especially for sectors like finance, healthcare, government, and critical infrastructure where XWiki might be deployed.

Mitigation Recommendations

European organizations should immediately assess their XWiki deployments to identify if xwiki-pro-macros versions prior to 1.26.5 are in use. The primary mitigation is to upgrade the xwiki-pro-macros plugin to version 1.26.5 or later, which contains the patch that properly escapes the 'width' parameter. Until the upgrade is applied, organizations should restrict edit permissions and CKEditor converter access to trusted users only, ideally limiting programming rights to a minimal set of administrators. Implementing strict input validation and sanitization policies for wiki content can reduce risk, although this is a partial mitigation. Monitoring wiki logs for unusual syntax injection patterns or unexpected Velocity code execution attempts can help detect exploitation attempts. Network-level protections such as web application firewalls (WAFs) can be tuned to detect and block suspicious payloads targeting the vulnerable macro parameters. Finally, organizations should ensure that backup and recovery procedures are in place to restore integrity in case of compromise.
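The defect class described in the analysis and the detection step from the recommendations, as an added illustration that is not code from xwiki-pro-macros: an allowlist validator for the width value, the unescaped interpolation beside a validating version, and a scanner that flags column macro invocations whose width is not a plain CSS length. The `{{column width="..."}}` invocation form, the style-attribute rendering and the sample wiki source are assumptions constructed for this example.

```python
import re
from typing import List

# Allowlist for a CSS width: 'auto' or a number with an optional unit.
# Anything else (macro delimiters, group syntax, quotes) is rejected.
WIDTH_RE = re.compile(r"^(?:auto|\d+(?:\.\d+)?(?:px|%|em|rem)?)$")


def validate_width(value: str) -> str:
    """Return the trimmed value if it is a plain CSS width, else raise."""
    v = value.strip()
    if not WIDTH_RE.fullmatch(v):
        raise ValueError(f"rejected width parameter: {value!r}")
    return v


def render_column_unsafe(width: str, body: str) -> str:
    # Hypothetical reconstruction of the vulnerable pattern: the parameter
    # is concatenated into XWiki syntax as-is, so whatever the author of the
    # page put in 'width' is parsed as wiki syntax by the renderer.
    return f'(% style="width:{width}" %)(((\n{body}\n)))'


def render_column_safe(width: str, body: str) -> str:
    # Hardened form: the value is checked against the allowlist first.
    return f'(% style="width:{validate_width(width)}" %)(((\n{body}\n)))'


# Detection: find column macro invocations in stored wiki source whose
# width value would not pass the allowlist. Heuristic only: it assumes
# double-quoted parameters and does not handle escaped quotes.
COLUMN_RE = re.compile(r'\{\{column\b[^}]*?\bwidth\s*=\s*"([^"]*)"', re.I)


def find_suspicious_widths(source: str) -> List[str]:
    return [m.group(1) for m in COLUMN_RE.finditer(source)
            if not WIDTH_RE.fullmatch(m.group(1).strip())]


# Constructed sample wiki source: two legitimate widths, one that is not a
# CSS length and carries macro delimiters.
SAMPLE_SOURCE = (
    '{{column width="300px"}}intro{{/column}}\n'
    '{{column width="50%"}}details{{/column}}\n'
    '{{column width="100px {{macro-here}}"}}x{{/column}}\n'
)

if __name__ == "__main__":
    print(find_suspicious_widths(SAMPLE_SOURCE))
```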


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-14T22:31:17.681Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c0749c2bd84bebdc41b972

Added to database: 9/9/2025, 6:40:28 PM

Last enriched: 9/9/2025, 6:40:42 PM

Last updated: 9/9/2025, 6:41:07 PM
