CVE-2025-46558
Published: 30 April 2025
Summary
CVE-2025-46558 is a critical-severity stored cross-site scripting (CWE-79) vulnerability in XWiki Contrib's Syntax Markdown extension for XWiki. Its CVSS base score is 9.0 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE ranks in the top 23.4% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.
Deeper analysis
XWiki Contrib's Syntax Markdown extension, used for importing Markdown content into wiki pages and for authoring wiki content in Markdown, is affected by a stored cross-site scripting vulnerability in versions 8.2 up to but not including 8.9. The flaw stems from insufficient sanitization of HTML embedded within Markdown syntax, allowing arbitrary JavaScript to reach the rendered page (CWE-79).
Any user who can add page content or comments can exploit the issue by inserting malicious Markdown, causing the script to run in the browsers of other users who view the page or comment. When it executes in the session of an account holding admin or programming rights, the attack can fully compromise the confidentiality, integrity and availability of the XWiki instance, consistent with the reported CVSS 9.0 score.
The vulnerability was fixed in Syntax Markdown 8.9, as documented in the project's GitHub security advisory, the associated commit and the linked Jira issue MARKDOWN-80; upgrading to 8.9 or later is the remediation.
The EPSS score rose from a low baseline to a peak of 0.0303 on 2026-02-24 before receding to the current value of 0.0093. EPSS estimates the probability of exploitation activity in the wild over the following 30 days, so the spike indicates a period of elevated predicted exploitation interest after disclosure, not confirmed exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-12747
Vulnerability details
XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS) through HTML. In particular, using Markdown syntax, it's possible for any user to embed JavaScript code that will then be executed on the browser of any other user visiting either the document or the comment that contains it. In the instance that this code is executed by a user with admin or programming rights, this issue compromises the confidentiality, integrity and availability of the whole XWiki installation. This issue has been patched in version 8.9.
- CWE(s): CWE-79 (Cross-site Scripting)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stored XSS vulnerability in XWiki's Syntax Markdown extension allows low-privileged users to inject HTML/JavaScript into wiki pages or comments that executes in visitors' browsers, including those of administrators. The victim-side execution maps to Drive-by Compromise (T1189); the attacker's initial injection into an internet-reachable wiki maps to Exploit Public-Facing Application (T1190).
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry. The authoritative fix for this CVE is upgrading Syntax Markdown to 8.9 or later; the controls below are generic compensating measures for CWE-79.
- Penetration testing: submit XSS payloads to page bodies and comments and verify whether they execute in a viewer's browser, so that flaws of this kind are found and remediated.
- Input validation: reject or neutralize script-bearing content in submitted Markdown and HTML. On its own this is a weak control here, because Markdown syntax can itself generate HTML (for example a link) without the input containing any HTML tag.
- Output sanitization: sanitize the rendered HTML against an allowlist of tags and attributes before it reaches the page, which removes script content regardless of how the Markdown produced it.
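The following is an added example, not code from XWiki or the Syntax Markdown extension, illustrating both the flaw class described in the analysis above (a Markdown renderer that copies embedded HTML into the page unchanged) and the testing and output-sanitization controls listed above. It pairs a toy pass-through renderer with an allowlist sanitizer applied to its output, and a check that feeds constructed XSS payloads through each path the way a penetration test would. The tag/attribute allowlists, the `render_markdown_unsafe`, `render_markdown_safe`, `sanitize_html` and `surviving_payloads` names, and the payloads are assumptions made for this demo.

```python
# Added example, not the extension's own code: a toy Markdown renderer that
# passes inline HTML through, an allowlist sanitizer over its output, and a
# payload check of the kind a pentest runs. Allowlists, names and payloads
# are assumptions constructed for this demo.
import html
import re
from html.parser import HTMLParser

# Assumed allowlist: what a wiki page body or comment legitimately needs.
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "code", "pre", "a", "ul", "ol", "li"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
# href schemes allowed; javascript:, data:, vbscript: and friends are dropped.
SAFE_URL = re.compile(r"^(https?:|mailto:|/|#)", re.IGNORECASE)
_INLINE = [
    (re.compile(r"\*\*(.+?)\*\*"), r"<strong>\1</strong>"),              # **bold**
    (re.compile(r"\[([^\]]+)\]\(([^)\s]+)\)"), r'<a href="\2">\1</a>'),  # [text](url)
]

def render_markdown_unsafe(text: str) -> str:
    """Toy renderer (not the real one): paragraphs, **bold**, [links](url).
    Raw HTML is copied to the output untouched: the flaw class of CVE-2025-46558."""
    out = []
    for block in re.split(r"\n\s*\n", text.strip()):
        line = block.strip()
        for pattern, repl in _INLINE:
            line = pattern.sub(repl, line)
        out.append(f"<p>{line}</p>")
    return "\n".join(out)

class _Sanitizer(HTMLParser):
    """Allowlist sanitizer: unknown tags become escaped text, unknown attributes
    are dropped, href must use a safe scheme, <script>/<style> bodies are discarded."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip = 0  # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
            return
        if tag not in ALLOWED_TAGS:
            # e.g. <svg onload=...> stays visible as text but cannot execute.
            self.out.append(html.escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue
            if name == "href" and not SAFE_URL.match(value.strip()):
                continue
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <br/> and similar void tags

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")
        else:
            self.out.append(html.escape(f"</{tag}>"))

    def handle_data(self, data):
        if not self._skip:
            self.out.append(html.escape(data, quote=False))

def sanitize_html(fragment: str) -> str:
    parser = _Sanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)

def render_markdown_safe(text: str) -> str:
    """Hardened path: sanitize the rendered HTML rather than the Markdown input,
    so script reached through Markdown syntax itself (a javascript: link) is caught too."""
    return sanitize_html(render_markdown_unsafe(text))

# Constructed stored-XSS payloads a tester would submit to a page or comment.
XSS_PAYLOADS = [
    "<script>alert(document.cookie)</script>",
    '<img src=x onerror="alert(1)">',
    "<svg onload=alert(1)>",
    "[click me](javascript:alert%281%29)",  # no '<' at all: pure Markdown
    '**bold** <a href="javascript:alert(1)">link</a>',
]
# Matches executable content only inside real tags, so escaped text such as
# &lt;img onerror=...&gt; is correctly treated as inert.
_EXECUTABLE = re.compile(
    r"<script\b|<\w+[^>]*\son\w+\s*=|<\w+[^>]*\b(?:href|src)\s*=\s*[\"']?\s*javascript:",
    re.IGNORECASE,
)

def surviving_payloads(render) -> list:
    """Run each payload through `render`; return those whose output can still execute."""
    return [p for p in XSS_PAYLOADS if _EXECUTABLE.search(render(p))]
```

Calling `surviving_payloads(render_markdown_unsafe)` returns all five payloads, while `surviving_payloads(render_markdown_safe)` returns none. The fourth payload is the reason the sanitizer runs on the rendered HTML rather than on the Markdown input: it contains no HTML tag at all, so an input filter looking for `<script` or `on*=` would pass it, yet the renderer turns it into a `javascript:` link. The allowlist is deliberately conservative (only absolute http(s)/mailto URLs, fragments and root-relative paths survive in `href`); widen it per site rather than switching to a denylist.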