VYPR
Moderate severityNVD Advisory· Published Nov 19, 2025· Updated Nov 19, 2025

XWiki view file macro: User can view content of office file without view rights on the attachment

CVE-2025-65089

Description

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.xwiki.pro:xwiki-pro-macros-uiMaven
< 1.27.01.27.0

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.