CVE-2025-55729: CWE-116: Improper Encoding or Escaping of Output in xwikisas xwiki-pro-macros
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execution for any user who can edit any page. The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection, which enables remote code execution. Version 1.26.5 has a fix for the issue.
AI Analysis
Technical Summary
CVE-2025-55729 is a critical remote code execution vulnerability in the xwiki-pro-macros product from the xwikisas project, affecting versions from 1.0 up to but not including 1.26.5. The root cause is improper encoding or escaping of output (CWE-116) in the handling of the ac:type attribute within the ConfluenceLayoutSection macro, which is used when migrating content from Confluence to XWiki. The macro's classes parameter is inserted into XWiki syntax without escaping, so a user with edit rights on any page can inject XWiki syntax, and XWiki syntax injection can lead to remote code execution (RCE) on the server hosting the XWiki instance. The CVSS v3.1 vector rates the issue as exploitable without authentication (PR:N) and without user interaction (UI:N); the practical prerequisite is the ability to edit a page, which many collaborative deployments grant broadly. The base score is 10.0, reflecting a network attack vector and full impact on confidentiality, integrity, and availability. The issue was fixed in version 1.26.5 by properly escaping the ac:type and classes parameters before they are rendered. No known exploits in the wild have been reported yet, but the low exploitation effort and the severity make this a high-risk vulnerability for organizations running affected versions of xwiki-pro-macros.
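The following added example is not code from xwiki-pro-macros; it models the defect class described above in Python. A macro parameter that names CSS classes is interpolated into XWiki syntax. The unvalidated version lets a double quote terminate the attribute so that the rest of the value is parsed as markup (the CWE-116 pattern); the hardened version allowlists CSS class tokens before interpolation. The output shape `(% class="..." %)(((...)))` is XWiki 2.x group syntax, but the macro's real output and parameter handling are assumptions, and the `~` escape behaviour of the renderer is deliberately not relied on.

```python
import re

# Constructed model of a layout macro (assumption, not the project's code):
# it wraps migrated content in an XWiki group carrying CSS classes.
# One CSS class token: letters, digits, '-' and '_' only. Every character that
# could terminate the quoted attribute or the (% ... %) parameter block is excluded.
CLASS_TOKEN = re.compile(r"^-?[A-Za-z_][A-Za-z0-9_-]*$")

# Shape of the markup the macro is supposed to emit: exactly one quoted class
# attribute, immediately followed by the group that holds the body.
GROUP_SHAPE = re.compile(r'^\(% class="([^"]*)" %\)\(\(\((.*)\)\)\)$', re.DOTALL)


def render_section_unvalidated(classes: str, body: str) -> str:
    """Vulnerable pattern: untrusted 'classes' concatenated into wiki syntax.

    A value containing '"' closes the attribute early and everything after it is
    handed to the XWiki parser as syntax rather than as a class name (CWE-116).
    """
    return f'(% class="{classes}" %)((({body})))'


def validate_classes(classes: str) -> str:
    """Return the normalised, space-separated class list.

    Raises ValueError for any token that is not a plain CSS class name. An
    allowlist is used rather than escaping, so correctness does not depend on
    the renderer's escape rules for parameter values.
    """
    tokens = classes.split()
    if not tokens:
        raise ValueError("classes must contain at least one class name")
    for token in tokens:
        if not CLASS_TOKEN.match(token):
            raise ValueError(f"rejected class token {token!r}")
    return " ".join(tokens)


def is_valid_classes(classes: str) -> bool:
    """Boolean form of validate_classes for callers that want to reject quietly."""
    try:
        validate_classes(classes)
        return True
    except ValueError:
        return False


def render_section(classes: str, body: str) -> str:
    """Hardened pattern: validate the parameter before interpolating it."""
    return f'(% class="{validate_classes(classes)}" %)((({body})))'


def parse_section(rendered: str):
    """Recover (classes, body) only when the markup still has the intended shape.

    Returns None when the parameter value has escaped the class attribute, which
    is the condition a unit test or a content review should flag.
    """
    match = GROUP_SHAPE.match(rendered)
    return (match.group(1), match.group(2)) if match else None


if __name__ == "__main__":
    # Constructed sample values: one benign class list and one that breaks out
    # of the attribute. No executable macro is involved; the breakout alone is
    # enough to show the markup shape is no longer under the macro's control.
    benign = "conf-layout two_col"
    breakout = 'x" %)'
    print(parse_section(render_section_unvalidated(benign, "Hello")))    # ('conf-layout two_col', 'Hello')
    print(parse_section(render_section_unvalidated(breakout, "Hello")))  # None
    print(is_valid_classes(breakout))                                     # False
    print(render_section(benign, "Hello"))
```

The same `parse_section` check can be run over stored page content during an audit of page histories: any ConfluenceLayoutSection output that no longer matches the expected shape is worth a closer look, without needing a signature for any particular payload.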
Potential Impact
For European organizations using XWiki with the xwiki-pro-macros plugin versions prior to 1.26.5, this vulnerability poses a severe risk. An attacker with edit permissions—which may be granted to a wide range of users in collaborative environments—can execute arbitrary code on the server. This can lead to full system compromise, data theft, data manipulation, or service disruption. Given that XWiki is often used for internal documentation, knowledge bases, and collaboration, exploitation could expose sensitive corporate information or disrupt critical business processes. The vulnerability's ability to be exploited remotely without authentication increases the attack surface, especially in organizations with publicly accessible or poorly segmented XWiki instances. Additionally, the scope of impact extends to the entire server environment, potentially affecting other integrated systems or services. The critical severity and ease of exploitation necessitate immediate attention to prevent potential data breaches and operational impacts.
Mitigation Recommendations
European organizations should immediately upgrade xwiki-pro-macros to version 1.26.5 or later, where the vulnerability is patched. Until the upgrade can be performed:
- Restrict edit permissions on XWiki pages to trusted users only, minimizing the risk of malicious syntax injection.
- Implement network segmentation and firewall rules to limit access to the XWiki server, especially from untrusted networks.
- Conduct thorough audits of user permissions and review page histories for suspicious edits.
- Employ web application firewalls (WAFs) with custom rules to detect and block attempts to inject malicious XWiki syntax or unusual payloads targeting the ConfluenceLayoutSection macro.
- Regularly monitor logs for anomalous activities related to page edits or macro usage.
- Integrate vulnerability scanning and patch management processes to ensure timely updates of XWiki components and related plugins.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-14T22:31:17.682Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c0782035242cb3d0f995aa
Added to database: 9/9/2025, 6:55:28 PM
Last enriched: 9/9/2025, 6:55:56 PM
Last updated: 9/10/2025, 3:10:20 AM