CVE-2025-49583
XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and an admin later edits and saves that document, the email templates in this object are used for notifications. No malicious code can be executed, though: while these templates allow Velocity code, the existing generic analyzer already warns admins before they edit Velocity code. The main impact would thus be sending spam, e.g., with phishing links to other users, or hiding notifications about other attacks. Note that warnings before editing documents with dangerous properties were only introduced in XWiki 15.9; before that version this was a known issue, and the advice was simply to be careful. This has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.
https://nvd.nist.gov/vuln/detail/CVE-2025-49583
Categories
CWE-270 : Privilege Context Switching Error
The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

Potential mitigations: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software. Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations. Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

Observed examples:
Web browser cross-domain problem when the user hits the "back" button.
Cross-domain issue: a third-party product passes code to the web browser, which executes it in an unsafe zone.
Callback run in a different security context after it has been changed from untrusted to trusted.

Note: "context switch before actions are completed" is one type of problem that happens frequently, especially in browsers.
References
security-advisories@github.com
CPE
REMEDIATION
EXPLOITS
Exploit-db.com
No known exploits
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
CAPEC-17: Using Malicious Files (severity: Very High)
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access, or, in a possible worst case, to upload a file and then execute it. Web servers, FTP servers, and message-oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in sync regarding the interfaces and the correct privileges for each interface.
[Determine File/Directory Configuration] The adversary looks for misconfigured files or directories on a system that might give executable access to an overly broad group of users.
[Upload Malicious Files] If the adversary discovers a directory that has executable permissions, they will attempt to upload a malicious file to execute.
[Execute Malicious File] The adversary either executes the uploaded malicious file, or executes an existing file that has been misconfigured to allow executable access to the adversary.

CAPEC-30: Hijacking a Privileged Thread of Execution (severity: Very High)
An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privileged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process's memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory.
[Determine target thread] The adversary determines the underlying system thread that is subject to user control.
[Gain handle to thread] The adversary then gains a handle to a process thread.
[Alter process memory] Once the adversary has a handle to the target thread, they will suspend the thread and alter the memory using native OS calls.
[Resume thread execution] Once the process memory has been altered to execute malicious code, the thread is then resumed.

CAPEC-35: Leverage Executable Code in Non-Executable Files (severity: Very High)
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file), the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high.
MITRE
Techniques
T1027.006: Obfuscated Files or Information: HTML Smuggling
T1027.009: Obfuscated Files or Information: Embedded Payloads
T1055.003: Process Injection: Thread Execution Hijacking
T1564.009: Hide Artifacts: Resource Forking
T1574.005: Hijack Execution Flow: Executable Installer File Permissions Weakness
T1574.010: Hijack Execution Flow: Services File Permissions Weakness
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
Mitigations
M1048: Browser sandboxes can be used to mitigate some of the impact of exploitation, but sandbox escapes may still exist.
M1040: On Windows 10, enable Attack Surface Reduction (ASR) rules to prevent execution of potentially obfuscated scripts.
M1040: Some endpoint security solutions can be configured to block some types of process injection based on common sequences of behavior that occur during the injection process.
M1013: Configure applications to use the application bundle structure which leverages the /Resources folder location.
M1018: Limit privileges of user accounts and groups so that only authorized administrators can interact with service changes and service binary target path locations. Deny execution from user directories such as file download directories and temp directories where able.
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.