CVE-2025-49582: 
Java vulnerability analysis and mitigation

CVE-2025-49582 affects XWiki, a generic wiki platform, discovered in version 15.9RC1 and patched in versions 16.4.7, 16.10.3, and 17.0.0. The vulnerability involves incomplete required rights analyzers that trigger warnings when editing content containing dangerous macros authored by users with fewer rights. These analyzers fail to properly analyze non-lowercase parameters and certain macro parameters that can contain XWiki syntax (GitHub Advisory).

The vulnerability stems from several analyzer limitations: they don't consider non-lowercase parameters, fail to analyze macro parameters that can contain XWiki syntax (like titles of information boxes), and don't properly analyze the 'source' parameters of content and context macros that could contain arbitrary XWiki syntax. The issue has a CVSS v4.0 base score of 8.6 (HIGH) with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (NVD, Wiz).

In the worst-case scenario, this vulnerability allows an attacker to hide malicious content, including malicious script macros (Groovy or Python), in a page. When a user with programming rights edits the page, these hidden macros can be executed, potentially leading to remote code execution. This creates a privilege escalation path from a low-privileged user to achieving code execution with higher privileges (GitHub Advisory).

The vulnerability has been patched in XWiki versions 16.4.7, 16.10.3, and 17.0.0. The required rights analyzers have been made more robust and extended to cover the vulnerable cases. No effective workarounds are available except for being careful when editing content authored by untrusted users (GitHub Advisory).