CVE-2025-58365: 
Java vulnerability analysis and mitigation

CVE-2025-58365 is a remote code execution vulnerability in the XWiki blog application discovered in September 2025. The vulnerability affects versions prior to 9.14 of the XWiki blog application and allows users with edit rights on any page to execute arbitrary code. This includes all logged-in users who can edit their own user profile (GitHub Advisory).

The vulnerability is classified as CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code) with a CVSS v4.0 score of 8.7 (HIGH). The attack vector is network-based with low attack complexity, requiring low privileges and no user interaction. The vulnerability allows for high impact on confidentiality, integrity, and availability of the vulnerable system (GitHub Advisory, NVD).

The vulnerability allows attackers to achieve remote code execution by adding an object of type Blog.BlogPostClass to any page and inserting script macro with exploit code in the Content field. This enables privilege escalation from a regular user account to programming rights, potentially compromising the entire system (GitHub Advisory, JIRA Issue).

The vulnerability has been patched in the blog application version 9.14 by implementing proper execution rights control, ensuring that blog post content is executed with the rights of the appropriate author. No known workarounds are available for unpatched versions (GitHub Advisory).