
CVE-2025-55730: CWE-116: Improper Encoding or Escaping of Output in xwikisas xwiki-pro-macros

Critical
Vulnerability. Tags: cve, cve-2025-55730, cwe-116
Published: Tue Sep 09 2025 (09/09/2025, 18:53:53 UTC)
Source: CVE Database V5
Vendor/Project: xwikisas
Product: xwiki-pro-macros

Description

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the title in the confluence paste code macro allows remote code execution for any user who can edit any page. The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 has a fix for the issue.

AI-Powered Analysis

Last updated: 09/09/2025, 18:55:43 UTC

Technical Analysis

CVE-2025-55730 is a critical remote code execution (RCE) vulnerability affecting the xwiki-pro-macros component of the XWiki platform, specifically the Remote Macros used for migrating content from Confluence. The vulnerability arises from improper encoding or escaping of output (CWE-116) in the handling of the 'title' attribute within the confluence paste code macro. Versions from 1.0 up to but not including 1.26.5 are affected. The flaw allows any user with page editing permissions to inject XWiki syntax through the 'classes' parameter, which is not escaped. This injection leads to execution of arbitrary code on the server hosting XWiki, requiring no authentication beyond edit rights and no user interaction. The vulnerability has a CVSS 3.1 base score of 10.0, the maximum severity, with a network attack vector, no privileges or user interaction required, and full impact on confidentiality, integrity, and availability. The issue was fixed in version 1.26.5. No known exploits have been reported in the wild yet. The vulnerability is particularly dangerous because XWiki is often used as a collaborative enterprise wiki platform, and the ability for any editor to execute code remotely can lead to full system compromise, data theft, or disruption of services.

Potential Impact

For European organizations using XWiki with the vulnerable xwiki-pro-macros versions, this vulnerability poses a severe risk. Attackers can gain full control over the affected servers, potentially accessing sensitive corporate data, intellectual property, or internal communications stored in the wiki. This can lead to data breaches violating GDPR regulations, resulting in heavy fines and reputational damage. The integrity of documentation and collaborative content can be compromised, affecting business operations and decision-making. Availability can also be impacted if attackers deploy ransomware or disrupt services. Given the ease of exploitation (no authentication beyond edit rights and no user interaction), insider threats or compromised user accounts can be leveraged to execute attacks. The vulnerability also increases the risk of lateral movement within corporate networks if the wiki server is connected to internal systems. The lack of known exploits in the wild currently provides a window for mitigation, but the critical severity demands immediate action.

Mitigation Recommendations

European organizations should urgently upgrade xwiki-pro-macros to version 1.26.5 or later, where the vulnerability is patched. If immediate upgrade is not feasible, organizations should restrict editing permissions strictly to trusted users, minimizing the number of users who can edit pages. Implement network segmentation to isolate the XWiki server from sensitive internal systems. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious XWiki syntax injection patterns in requests targeting the confluence paste code macro. Conduct thorough audits of user permissions and monitor logs for unusual editing activities or syntax injection attempts. Additionally, consider disabling the vulnerable macro if not essential for business processes. Regularly back up wiki content and system configurations to enable recovery in case of compromise. Finally, keep abreast of any emerging exploit reports and apply security advisories promptly.


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-14T22:31:17.682Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c0782035242cb3d0f995b0

Added to database: 9/9/2025, 6:55:28 PM

Last enriched: 9/9/2025, 6:55:43 PM

Last updated: 9/10/2025, 4:07:21 AM
