- Description
- XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page (including guest users) can exploit a SQL injection vulnerability to access database information or launch a DoS attack. This issue has been patched in version 2.4.5.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- full_calendar_macro
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-89
- Hype score
- Not currently trending
CVE-2025-65091 (CVSS:10.0, CRITICAL) is Awaiting Analysis. XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right t..https://t.co/wiqPdug0am #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
15 Jan 2026
The XWiki Full Calendar Macro (CVE-2025-65091) is vulnerable to SQL injection via Calendar.JSONService, potentially leading to data compromise. Maintainers should review. #SQLi #XWiki #infosec https://t.co/ppIrlfsUoe
@pulsepatchio
10 Jan 2026
CVE-2025-65091 SQL Injection in XWiki Full Calendar Macro Before Version 2.4.5 https://t.co/9XmUxCgbhS
@VulmonFeeds
10 Jan 2026
New Critical Vulnerability Alert: CVE-2025-65091, Score: 10.0, Read Intel: https://t.co/02P8ePmlU8 #CVE #CyberSecurity #WatchStack
@watchstackio
10 Jan 2026
CVE-2025-65091 - Critical XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page (including guest users) can ex... https://t.co/OHdUyi2uma https://t.co/MpCBEd7YrV
@TheHackerWire
10 Jan 2026
[CVE-2025-65091: CRITICAL] XWiki Full Calendar Macro prior to version 2.4.5 had a SQL injection vulnerability allowing users to access database info. Update to version 2.4.5 to patch this cyber security issue.#cve,CVE-2025-65091,#cybersecurity https://t.co/vTYfGI5msR https://t.co
@CveFindCom
10 Jan 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xwiki:full_calendar_macro:*:*:*:*:*:xwiki:*:*",
            "matchCriteriaId": "EC1421C8-91F0-458A-9BCB-AC26DB09BBA7",
            "versionEndExcluding": "2.4.5",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]