CVE-2025-65091 is a severe SQL injection vulnerability classified under CWE-89 affecting the xwiki-contrib macro-fullcalendar component, which is used to display wiki objects on a calendar interface. Versions prior to 2.4.5 improperly neutralize special elements in SQL commands within the Calendar.JSONService endpoint, allowing attackers to inject malicious SQL queries. Notably, the vulnerability can be exploited by any user with viewing rights to the Calendar.JSONService page, including unauthenticated guest users, due to insufficient access controls. Exploitation can lead to unauthorized data access, data manipulation, or denial of service by overwhelming the database. The vulnerability has a CVSS v3.1 base score of 10.0, indicating critical severity with network attack vector, no privileges required, no user interaction, and complete impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the ease of exploitation and impact severity make this a high-risk vulnerability. The issue was publicly disclosed and patched in version 2.4.5, emphasizing the need for immediate updates.

For European organizations, the impact of CVE-2025-65091 is substantial. Many enterprises, educational institutions, and government agencies in Europe utilize XWiki for collaborative documentation and knowledge management. Exploitation could lead to unauthorized disclosure of sensitive information, including intellectual property, personal data protected under GDPR, and internal communications. Data integrity could be compromised, leading to misinformation or operational disruptions. Additionally, attackers could launch denial of service attacks against the database backend, causing service outages and impacting business continuity. The vulnerability's accessibility to unauthenticated users increases the risk of widespread exploitation, potentially affecting multiple organizations simultaneously. Given the criticality, organizations face regulatory, reputational, and operational risks if they fail to remediate promptly.

European organizations should immediately upgrade the xwiki-contrib macro-fullcalendar component to version 2.4.5 or later, where the vulnerability is patched. Until patching is possible, restrict access to the Calendar.JSONService page by implementing strict access controls, such as IP whitelisting or authentication enforcement, to prevent guest or unauthorized user access. Employ web application firewalls (WAFs) with SQL injection detection and prevention rules tailored to XWiki traffic patterns. Conduct thorough audits of XWiki installations to identify vulnerable versions and monitor logs for suspicious activity targeting the Calendar.JSONService endpoint. Additionally, implement network segmentation to isolate critical wiki infrastructure and enforce the principle of least privilege for users accessing wiki services. Regularly review and update security policies to include prompt patch management and vulnerability scanning for third-party components like XWiki macros.