CVE-2025-65089: CWE-862: Missing Authorization in xwikisas xwiki-pro-macros
CVE-2025-65089 is a medium severity vulnerability in xwikisas xwiki-pro-macros prior to version 1.27.0. It involves missing authorization checks in the Remote Macros feature, allowing users without view rights on a page to access the content of office attachments via the view file macro. This vulnerability impacts confidentiality but does not affect integrity or availability. Exploitation requires low privileges (limited user rights) and some user interaction, but no authentication bypass is involved. The issue has been patched in version 1.27.0. European organizations using affected versions of xwiki-pro-macros should prioritize upgrading to mitigate unauthorized data exposure risks.
AI Analysis
Technical Summary
CVE-2025-65089 is a vulnerability classified under CWE-862 (Missing Authorization) affecting the xwikisas xwiki-pro-macros product, specifically versions prior to 1.27.0. The vulnerability arises from insufficient authorization checks in the Remote Macros component, which provides rendering macros to facilitate content migration from Confluence. The flaw allows a user who lacks view permissions on a page to nonetheless access the content of office attachments embedded or referenced via the 'view file' macro. This results in unauthorized disclosure of potentially sensitive document contents. The vulnerability does not permit modification or deletion of data, nor does it impact system availability. The CVSS v3.1 base score is 6.8, reflecting a medium severity with the vector AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N: network attack vector, low attack complexity, low privileges required, user interaction required, and a scope change with high confidentiality impact and no integrity or availability impact. The issue was publicly disclosed on November 19, 2025, and has been addressed in xwiki-pro-macros version 1.27.0. No public exploits have been reported to date. The vulnerability is significant in environments where sensitive office documents are stored and rendered via XWiki macros, as unauthorized users could gain access to confidential information without proper permissions.
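The missing-authorization pattern described above, shown as an added illustration in Java against XWiki's public authorization API; this is not code from xwiki-pro-macros or from the actual fix, and the `AttachmentContentLoader` interface and the class name are assumptions standing in for the real office rendering code:

```java
// Added illustration, not the project's own code. It contrasts a macro that
// renders an office attachment without any rights check (the CWE-862 pattern)
// with one that first verifies VIEW on the attachment's owning page.
import org.xwiki.model.reference.AttachmentReference;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.security.authorization.AccessDeniedException;
import org.xwiki.security.authorization.ContextualAuthorizationManager;
import org.xwiki.security.authorization.Right;

public class ViewFileAuthorizationExample {
    private final ContextualAuthorizationManager authorization;
    private final AttachmentContentLoader loader; // hypothetical helper

    public ViewFileAuthorizationExample(ContextualAuthorizationManager authorization,
                                        AttachmentContentLoader loader) {
        this.authorization = authorization;
        this.loader = loader;
    }

    /** Vulnerable pattern: the attachment content is fetched and returned to
     *  the renderer without asking whether the current user may view the page
     *  that holds it, so any user who can place the macro sees the content. */
    public String renderUnchecked(AttachmentReference attachment) {
        return loader.load(attachment);
    }

    /** Hardened pattern: resolve the owning document and check VIEW for the
     *  current user (ContextualAuthorizationManager evaluates in the caller's
     *  context, not the macro author's) before any content is read. */
    public String renderChecked(AttachmentReference attachment) throws AccessDeniedException {
        DocumentReference owner = attachment.getDocumentReference();
        // Throws AccessDeniedException when the current user lacks VIEW on owner.
        authorization.checkAccess(Right.VIEW, owner);
        return loader.load(attachment);
    }

    /** Hypothetical stand-in for the code that converts the office file to HTML. */
    public interface AttachmentContentLoader {
        String load(AttachmentReference attachment);
    }
}
```

The key point for reviewers of any rendering macro is that the check must run against the referenced attachment's document, not the document containing the macro call, since those can differ.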
Potential Impact
For European organizations, this vulnerability poses a risk of unauthorized disclosure of sensitive or confidential information contained within office attachments managed by XWiki platforms using the vulnerable macros. This can lead to data breaches, non-compliance with GDPR and other data protection regulations, and potential reputational damage. Sectors such as government, education, healthcare, and enterprises that rely on XWiki for document collaboration and content management are particularly at risk. The confidentiality impact is high, but since integrity and availability are unaffected, the threat is primarily data exposure. Attackers with limited user privileges could exploit this vulnerability remotely with some user interaction, increasing the risk in multi-tenant or collaborative environments. The absence of known exploits in the wild reduces immediate risk but does not eliminate the need for prompt remediation.
Mitigation Recommendations
European organizations should immediately upgrade xwiki-pro-macros to version 1.27.0 or later to remediate this vulnerability. Until patching is complete, organizations should restrict access to XWiki instances to trusted users only and review user permissions to minimize exposure. Implement network segmentation and access controls to limit external access to XWiki services. Monitor logs for unusual access patterns to office attachments or macro usage. Conduct an audit of sensitive documents accessible via macros and consider temporarily disabling the Remote Macros feature if feasible. Additionally, educate users about the risk of interacting with untrusted content that could trigger macro rendering. Regularly review and update security policies related to collaboration platforms and ensure timely application of security patches.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-17T20:55:34.690Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 691e09e0e0559f57045745bd
Added to database: 11/19/2025, 6:18:08 PM
Last enriched: 11/26/2025, 7:00:46 PM
Last updated: 1/7/2026, 8:46:24 AM