CVE Tools

CVE-2025-65091

XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService

Published: Jan 10, 2026Updated: Jan 29, 2026 Sources: CVE List NVD GHSA BDUCWE-89

10.0CVSSCRITICAL

No Known Exploits

Patch Available

Description

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page (including guest users) can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been patched in version 2.4.5.

CVSS Vector Breakdown

Exploitability

AV:NAttack Vector

Network

AC:LAttack Complexity

Low

PR:NPrivileges Required

None

UI:NUser Interaction

None

Scope

S:CScope

Changed

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Open in CVSS calculator →

Weaknesses

Affected Products

full calendar macro xwiki

On-prem

Web & CMS Plugins / cms-core

org.xwiki.contrib:macro-fullcalendar-pom Maven OSS Libraries

Full Calendar Macro XWiki SAS

Mixed

Web & CMS Plugins / cms-core

macro-fullcalendar xwiki-contrib

On-prem

Web & CMS Plugins / cms-core

xwikioss-projectFRWeb & CMS Pluginsaka xwiki-platform, xwiki-commons

mavenpackage-ecosystemOSS Libraries

xwiki sascommercialWeb & CMS Plugins

xwiki-contriboss-projectWeb & CMS Pluginsaka xwiki contrib, xwiki-contrib

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

Official Patch Available

MITRE ATT&CK

1 technique

Initial Access

View detailed technique mapping

References

https://github.com/xwiki-contrib/macro-fullcalendar/commit/5fdcf06a05015786492fda69b4d9dea5460cc994

https://github.com/xwiki-contrib/macro-fullcalendar/security/advisories/GHSA-2g22-wg49-fgv5

https://nvd.nist.gov/vuln/detail/CVE-2025-65091

and 3 more references View all →

Timeline

Published

Jan 10, 2026

Last Updated

Jan 29, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-65091 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows