CVE-2025-58365: 
Java vulnerability analysis and mitigation

CVE-2025-58365 affects the XWiki blog application prior to version 9.14. The vulnerability was discovered and disclosed on September 8, 2025. The issue allows users of the XWiki platform who have edit rights on any page (typically all logged-in users who can edit their own user profile) to execute remote code through the blog application (GitHub Advisory).

The vulnerability is classified as an Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) vulnerability (CWE-95). It has received a CVSS v4.0 base score of 8.7 (High), with the following vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. The exploit involves adding an object of type Blog.BlogPostClass to any page and inserting script macro with malicious code into the 'Content' field of that object (GitHub Advisory, JIRA Issue).

The vulnerability allows attackers to achieve remote code execution with elevated privileges. This can lead to unauthorized access to system resources, potential data breaches, and compromise of the affected XWiki installation. The impact is particularly severe as it affects all logged-in users who have basic edit rights (GitHub Advisory).

The vulnerability has been patched in the blog application version 9.14 by implementing proper authorization controls that execute the content of blog posts with the rights of the appropriate author. No known workarounds are available for unpatched versions. Users are strongly advised to upgrade to version 9.14 or later (GitHub Advisory).