#rce

The update patches three zero-days and introduces a new PowerShell warning meant to help you avoid accidentally running unsafe code from the web.

### Impact Any user who can edit their own user profile or any other document can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The reason is that rendering output is included as content of HTML macros with insufficient escaping, and it is thus possible to close the HTML macro and inject script macros that are executed with programming rights. To demonstrate, the content `{{html}}{{/html {{/html}}}}` can be inserted into any field of the user profile that supports wiki syntax like the "About" field. If this leads to the display of raw HTML, the instance is vulnerable. ### Patches This problem has been patched by extending the escaping introduced by [XRENDERING-693](https://jira.xwiki.org/browse/XRENDERING-693) to also cover closing HTML macros that have spaces after the macro name in XWiki 16.10.10, 17.4.3 and 17.6.0RC1. A [similar fix](https://github.com/xwiki/xwik...

### Impact A reflected XSS vulnerability in XWiki allows an attacker to send a victim to a URL with a deletion confirmation message on which the attacker-supplied script is executed when the victim clicks the "No" button. When the victim has admin or programming right, this allows the attacker to execute basically arbitrary actions on the XWiki installation including remote code execution. ### Patches This vulnerability has been patched in XWiki 16.10.10, 17.4.2 and 17.5.0 by using the affected URL parameter only in the intended context. ### Workarounds The [patch](https://github.com/xwiki/xwiki-platform/commit/cb578b1b2910d06e9dd7581077072d1cfbd280f2) can be manually applied to the templates that are present in the WAR. A restart of XWiki is needed for the changes to be applied.

Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the release. These include 29 privilege escalation, 18 remote code

Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They are tracked as CVE-2025-59718 and

The Patch Tuesday for December of 2025 includes 57 vulnerabilities, including two that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Microsoft assessed that exploitation of the two “critical” vulnerabilities is “less likely.”

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.

### Impact `MySQLSelectTool` is intended to be a read-only SQL tool (e.g., for LLM agent querying). However, validation based on the first keyword (e.g., `SELECT`) and a forbidden-keyword list does not block file-writing constructs such as `INTO OUTFILE` / `INTO DUMPFILE`. As a result, an attacker who can influence the tool input (e.g., prompt injection through a public agent endpoint) may be able to write arbitrary content to files on the DB server. If the MySQL/MariaDB account has the `FILE` privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory), the impact can escalate to remote code execution on the application host (for example, by writing a PHP web shell). **Who is impacted:** Deployments that expose an agent using `MySQLSelectTool` to untrusted input and run with overly-permissive DB privileges/configuration. ### Patches **Not patched in:** 2.8.11 **Fixed in:** 2.8.12 Recommended fix direction: - Explicitly reject q...

### Summary Siyuan is vulnerable to RCE. The issue stems from a "Zip Slip" vulnerability during zip file extraction, combined with the ability to overwrite system executables and subsequently trigger their execution. ### Steps to reproduce 1. Authenticate 2. Create zip slip payload with path traversal entry `../../../../opt/siyuan/startup.sh`. startup.sh contains malicious code like: ```bash #!/bin/sh echo 'you have been pwned' > /siyuan/workspace/data/pwned.txt echo "pandoc 3.1.0" ``` 3. Upload zip to workspace via `/api/file/putFile` 4. Extract zip via `/api/archive/unzip`, overwrites the existing executable `startup.sh` while maintaining the +x permission 5. Trigger execution by calling `/api/setting/setExport` with `pandocBin=/opt/siyuan/startup.sh`. This calls `IsValidPandocBin()` which executes `startup.sh --version` that outputs "pandoc 3.1.0" and executes any arbitrary malicious code

### Summary Function [**importZipMd**](https://github.com/siyuan-note/siyuan/blob/dae6158860cc704e353454565c96e874278c6f47/kernel/api/import.go#L190) is vulnerable to **ZipSlip** which allows an authenticated user to overwrite files on the system. ### Details An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, the vulnerable function is [**importZipMd**](https://github.com/siyuan-note/siyuan/blob/dae6158860cc704e353454565c96e874278c6f47/kernel/api/import.go#L190), this can escalate to full code execution under some circumstances, for example using the official **docker image** it is possible to overwrite **entrypoint.sh** and after a container restart it will execute the changed code causing remote code execution. ### PoC Code used to generate the ZipSlip: ```python #!/usr/bin/env python3 import sys, base64, zipfile, io, time def prepare_zipslip(filename): orgfile1 = open('Test.md','rb').read() payload = open(...