CVE-2025-24893
Published Feb 20, 2025
Last updated 5 months ago
- Description
- XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- xwiki
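As an added example (not code from the advisory or the XWiki project), the Python below flags requests matching the SolrSearch exploitation pattern described above in Apache/Tomcat-style access logs, decoding the `text` parameter repeatedly so double-encoded payloads are not missed. The `velocity`, `python` and `script` macro names, the acceptance of any action segment besides `get`, and the sample log lines are assumptions or constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint from the advisory; accepting any action segment (get/view/...)
# rather than only /bin/get/ is an assumption.
SOLR_SEARCH_RE = re.compile(r"/bin/[A-Za-z]+/Main/SolrSearch\b")

# Indicators in the decoded `text` parameter: the advisory's PoC closes the
# verbatim block with "}}}" then opens {{async}} and {{groovy}}; velocity,
# python and script are other XWiki script macros (assumed, not on the page).
INDICATORS = {
    "verbatim_breakout": re.compile(r"\}\}\}\s*\{\{"),
    "async_macro": re.compile(r"\{\{\s*async\b", re.I),
    "script_macro": re.compile(r"\{\{\s*(groovy|velocity|python|script)\b", re.I),
}

LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')


def deep_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyze_line(line):
    """Return a finding dict for a suspicious SolrSearch request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not SOLR_SEARCH_RE.search(url.path):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # decodes once
    text = deep_unquote(" ".join(params.get("text", [])))
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    if not hits:
        return None
    return {"client": m["client"], "time": m["ts"], "status": int(m["status"]),
            "indicators": hits, "text": text[:120]}


# Constructed sample lines: a benign search, the advisory PoC (quotes sent as
# %22), a double-encoded variant, and an unrelated page view.
SAMPLE_LOG = [
    '203.0.113.10 - - [03/Nov/2025:10:01:02 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=deployment%20guide HTTP/1.1" 200 812',
    '198.51.100.7 - - [03/Nov/2025:10:05:44 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28%22Hello%20from%22%20%2B%20%22%20search%20text%3A%22%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20 HTTP/1.1" 200 1533',
    '198.51.100.7 - - [03/Nov/2025:10:05:51 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=%257D%257D%257D%257B%257Bgroovy%257D%257D HTTP/1.1" 200 1533',
    '203.0.113.10 - - [03/Nov/2025:10:06:00 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 9120',
]
```

An HTTP 200 only shows that the endpoint answered; whether the injected macro actually ran is not visible in an access log (the advisory's evidence is the RSS title), so hits should be triaged against the server's XWiki version, which is fixed in 15.10.11, 16.4.1 and 16.5.0RC1.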
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- XWiki Platform Eval Injection Vulnerability
- Exploit added on
- Oct 30, 2025
- Exploit action due
- Nov 20, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
The following vulnerabilities have been added to our feed: CVE-2025-53136: NT OS KASLR Bypass CVE-2025-30397: Internet Explorer/Edge Chakra Engine RCE CVE-2025-59287: Windows Server Update RCE CVE-2025-24893: XWiki Groovy Injection RCE https://t.co/Nw6eZdtCs8
@crowdfense
5 Feb 2026
1725 Impressions
5 Retweets
25 Likes
15 Bookmarks
0 Replies
0 Quotes
🛡️ New WAF detections are LIVE! We're now blocking exploits for CVE-2025-64459 (Django SQLi) & CVE-2025-24893 (XWiki RCE). Keeping your apps secure is our priority! 🚀 https://t.co/cC227sZ5h8
@CFchangelog
5 Feb 2026
981 Impressions
2 Retweets
19 Likes
2 Bookmarks
0 Replies
0 Quotes
🛡️ New WAF detections are here! Protecting against critical vulnerabilities like CVE-2025-64459 (Django SQLi) & CVE-2025-24893 (XWiki RCE). We've automatically updated to Block—stay secure! 🚀 https://t.co/kqJ99il42F
@mveracf
5 Feb 2026
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24893 - XWiki Platform injection vulnerability exploited in the wild https://t.co/k0qr05KZSh https://t.co/sEGF9fOLCw
@ErcanSah1n
20 Jan 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical XWiki RCE Exploit Public! 🚨 CVE-2025-24893 allows unauthenticated Remote Code Execution via Groovy script injection. Patch immediately! https://t.co/DZjY4cTDrz #cybersecurity #infosec #RCE #0day #CVE202524893 #exploit 🐛💥🔓
@TheExploitLab
10 Jan 2026
113 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A new botnet called RondoDox is attacking unpatched XWiki servers through a critical bug (CVE-2025-24893, score 9.8). Hackers are using it to spread crypto miners and DDoS tools. https://t.co/0C3cz28wky
@CarterJames6660
22 Dec 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[MBSD-SOC Detection Trend Topics] The November 2025 edition of the #MBSD #SOC detection trend topics has been published. This month, attacks targeting a vulnerability (CVE-2025-24893) in XWiki, an open-source knowledge management platform, increased
@mbsdnews
11 Dec 2025
1772 Impressions
5 Retweets
15 Likes
4 Bookmarks
0 Replies
0 Quotes
The RondoDox botnet targets the XWiki platform. The RondoDox botnet is targeting the XWiki platform by exploiting a critical RCE (remote code execution) vulnerability tracked as CVE-2025-24893. XWiki is a Java-based, open-source enterprise
@linuxmint_hun
2 Dec 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New plugin: XWikiPlugin (CVE-2025-24893, CVE-2025-32429, CVE-2025-52472, CVE-2025-55748). XWiki multiple critical vulnerabilities detection - RCE, SQL/HQL injection, and path traversal. Results: https://t.co/PxFnlE9Gg8 https://t.co/KsHMoApXyo
@leak_ix
1 Dec 2025
850 Impressions
2 Retweets
9 Likes
1 Bookmark
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24893
@transilienceai
24 Nov 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚩 RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet https://t.co/39Up3lx5YW The RondoDox botnet is exploiting CVE-2025-24893 (CVSS 9.8), a critical eval injection flaw in XWiki, to recruit devices for DDoS operations. Exploitation attempts spik
@Huntio
21 Nov 2025
753 Impressions
2 Retweets
8 Likes
2 Bookmarks
0 Replies
0 Quotes
An RCE vulnerability with the identifier CVE-2025-24893 has been published for the Xwiki platform. A botnet named RondoDox is using this vulnerability to gain access to systems.
@EthicalSafe
19 Nov 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🐛🌐 RondoDox Botnet Now Exploits XWiki RCE The RondoDox botnet added a critical XWiki RCE (CVE-2025-24893) to its exploit arsenal to hack servers and expand its reach. #Botnet #XWiki #RCE #ThreatIntel https://t.co/VgLaHIZLm8
@Strivehawk
18 Nov 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️ Cybersecurity Developments in the Last 12 Hours ⚡️ 🚨 RondoDox botnet is exploiting a critical XWiki RCE (CVE-2025-24893) to compromise servers, deploy payloads and mine cryptocurrency. Organizations should patch affected XWiki versions immediately. 👾 A research
@greytech_ltd
18 Nov 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Link collection: security news/articles for November 17-18, 2025] <Vulnerabilities> - XWiki vulnerability exploited in a variety of attacks (CVE-2025-24893) https://t.co/gGhFRePBgz <Malware and other threats> - Azure, 500,000 IP addresses
@MachinaRecord
18 Nov 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The RondoDox botnet exploits a critical RCE vulnerability (CVE-2025-24893) in XWiki versions before 15.10.11 and 16.4.1, deploying remote shells and crypto miners since November. #XWikiFlaw #BotnetAttack #RondoDox https://t.co/NfHtjnkE3D
@TweetThreatNews
18 Nov 2025
122 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
RondoDox botnet exploits XWiki's CVE-2025-24893 RCE https://t.co/zHJJQBgu3K #Security #セキュリティー #ニュース
@SecureShield_
18 Nov 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Unauthenticated RCE Vulnerability in XWiki Platform (CVE-2025-24893, CVSS 9.8) 🚨 A critical unauthenticated RCE vulnerability in XWiki Platform is being actively exploited in the wild. An unauthenticated attacker can achieve RCE by abusing unsafe user-controlled
@censysio
17 Nov 2025
5562 Impressions
14 Retweets
67 Likes
19 Bookmarks
1 Reply
0 Quotes
🚨 Urgent: The RondoDox botnet is actively exploiting a critical XWiki vulnerability (CVE-2025-24893) to take over servers. Patch immediately if you're running XWiki! #CyberSecurity https://t.co/BvG4rzWuGS
@RedTeamNewsBlog
17 Nov 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 The RondoDox malware exploits a critical vulnerability in the XWiki platform, named CVE-2025-24893, to execute commands remotely. https://t.co/fLCXJnKTzg
@Cybercachear
17 Nov 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Botnet on the rise: RondoDox is hijacking servers via an unpatched XWiki bug (CVE-2025-24893). If you use XWiki and haven’t patched since Feb, you’re a sitting duck. LCCS is tracking it. Time to lock the doors. https://t.co/YcouhwSXII #CyberSecurity #PatchNow
@lowcountrycyber
17 Nov 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Unpatched XWiki servers are now feeding the RondoDox botnet thanks to CVE-2025-24893. It’s a remote-code free-for-all if you haven’t patched since Feb. SMBs running XWiki: you’re a sitting duck. Lock it down. https://t.co/YcouhwSXII #CyberSecurity #PatchNow
@lowcountrycyber
17 Nov 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RondoDox exploits a critical XWiki flaw for miner and DDoS attacks: the botnet takes advantage of the unpatched CVE-2025-24893 vulnerability to execute remote code, triggering exploitation attempts and various attacks; immediate updating is essential. https://t.co/3h
@caveiratech
17 Nov 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
VulnCheck launches Canary Intelligence: real, verified exploitation data from live vulnerable systems — not honeypots. See which CVEs are actually exploited, by whom, and how. Already detecting activity across 231 VulnCheck KEVs and XWiki CVE-2025-24893. https://t.co/78R92h0Z
@VulnCheckAI
17 Nov 2025
122 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
1 Quote
#RondoDox is exploiting the unpatched #XWiki flaw CVE-2025-24893 (CVSS 9.8), enabling unauthenticated RCE via the SolrSearch endpoint. Activity spiked in Nov, with actors deploying cryptominers. CISA added the bug to KEV; mitigations required by Nov 20. https://t.co/SPbNNLyAmF
@MeridianEU
17 Nov 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"GoldenJackal" Threat Actor Exploits Unpatched XWiki RCE to RondoDox botnet exploits unpatched XWiki flaw CVE-2025-24893 for RCE, infecting servers despite February 2025 patches. With a CVSS score of 9.8, it targets vulnerable XWiki servers, expanding its botnet. https://
@Secwiserapp
17 Nov 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 XWiki Platform Security Advisory - Nov 17, 2025 Comprehensive security advisory for XWiki Platform, addressing CVE-2025-24893 and related exploitation activities. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/AaKzpniJTL
@transilienceai
17 Nov 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A new botnet called RondoDox is attacking unpatched XWiki servers through a critical bug (CVE-2025-24893, score 9.8). Hackers are using it to spread crypto miners and DDoS tools. Learn more ↓ https://t.co/nIThpFV49Y https://t.co/1buPvPFX25
@marylynnjuszcza
16 Nov 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨⚠️ ALERT: RondoDox botnet exploiting XWiki flaw CVE-2025-24893 with CVSS score 9.8! 😱 Hackers targeting unpatched systems for remote code execution! #RondoDox #XWiki #CyberSecurity 🔒 Learn more: https://t.co/jlirLhj3Rt
@JamaalChalid
16 Nov 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24893 XWiki Platform guest can perform RCE through SolrSearch macros request CVSS3 9.8, Impact 5.9, EPSS 99.9%, Exploits available https://t.co/ZSnheqzORQ
@vFeed_IO
16 Nov 2025
83 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2017-1001000 2 - CVE-2025-33073 3 - CVE-2025-26686 4 - CVE-2025-24893 5 - CVE-2025-33053 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
16 Nov 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔍 Latest CVE breakdown available now! RondoDox botnet hijacks unpatched XWiki servers via CVE-2025-24893. Discover the scope of the attack and how to defend against it now. 🔗 Get the
@PurpleOps_io
16 Nov 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
15/11/2025 🚨 RondoDox botnet exploits unpatched XWiki servers via CVE-2025-24893 (CVSS 9.8), enabling arbitrary code execution. Urgent patching needed to secure your systems! Source: https://t.co/lD3BCQA6s7
@kernyx64
16 Nov 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RondoDox malware exploits unpatched XWiki servers via CVE-2025-24893, a critical eval injection bug allowing arbitrary code execution, potentially pulling more devices into its botnet. #CyberSecurity #Malware https://t.co/qbD6Hx0ccT
@Cyber_O51NT
16 Nov 2025
757 Impressions
1 Retweet
2 Likes
2 Bookmarks
1 Reply
0 Quotes
RondoDox botnet exploits unpatched XWiki servers via critical CVE-2025-24893 vulnerability to deploy crypto miners and launch DDoS attacks. Exploitation began in March, surging in Nov 2025. #XWikiExploit #BotnetAttack #France https://t.co/423DrlGt67
@TweetThreatNews
15 Nov 2025
124 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
RondoDox botnet is actively exploiting unpatched XWiki servers via CVE-2025-24893, a critical RCE vulnerability. Patch now to prevent your devices from being compromised! 🔒 https://t.co/vZbqNXKKcu #RondoDox #XWiki #Cybersecurity #Vulnerability
@0xT3chn0m4nc3r
15 Nov 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A new botnet called RondoDox is attacking unpatched XWiki servers through a critical bug (CVE-2025-24893, score 9.8). Hackers are using it to spread crypto miners and DDoS tools. Learn more ↓ https://t.co/QgQFKrtqDR
@TheHackersNews
15 Nov 2025
12679 Impressions
31 Retweets
66 Likes
7 Bookmarks
2 Replies
2 Quotes
CVE-2025-24893 - XWiki Platform injection vulnerability exploited in the wild https://t.co/LEdumviIYz https://t.co/nxGpEYLiSq
@SirajD_Official
10 Nov 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24893 - XWiki Platform injection vulnerability exploited in the wild https://t.co/6lHF0hVrNp https://t.co/sMAthsorJD
@CloudVirtues
6 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
XWiki RCE (CVE-2025-24893) Actively Exploited to Deploy Cryptominers – Patch Immediately Read the full report on - https://t.co/9uBjZ3DD2X https://t.co/EpOSQF5m47
@cyberbivash
4 Nov 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers, (Mon, Nov 3rd) #CISO https://t.co/4WKTikeFo2
@compuchris
3 Nov 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 RCE in XWiki (CVE-2025-24893) lets guest users run arbitrary code via crafted SolrSearch requests. Fixed in 15.10.11 / 16.4.1 / 16.5.0RC1 (July 2024). 30+ exploits on GitHub. Now exploited in the wild to deploy cryptominers. #XWiki #VulnCheck ➡️ https://t.co/7GmzuG0aXx h
@leonov_av
3 Nov 2025
19 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 THREAT INTEL REPORT - Nov 3, 2025 10 CRITICAL CVEs | 11 malicious IPs (100% abuse) | 50 C2 domains | 50 malware hashes TOP THREAT: CVE-2025-24893 (XWiki) → ANY GUEST can execute remote code → Zero auth required BLOCK THESE IPs NOW: 🇺🇸 209.141.33.240 🇺🇸 45.
@webpro255
3 Nov 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-24893 : Hackers Hijack Corporate XWiki Servers for Crypto Mining https://t.co/nGkDBcunhC
@freedomhack101
1 Nov 2025
59 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24893: Eval Injection in XWiki Platform, 9.8 rating 🔥 In a recent post, CISA added an old RCE vulnerability to the list of actively exploited ones. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/fTnrNTvs7H https://t.co/G66zvwrHiV
@Netlas_io
1 Nov 2025
643 Impressions
4 Retweets
14 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨CISA KEV Catalog was updated to include: CVE-2025-41244 & CVE-2025-24893 CVE-2025-41244: Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability CVE-2025-24893: XWiki Platform Eval Injection Vulnerability https://t.co/9idGUA
@DarkWebInformer
30 Oct 2025
3640 Impressions
2 Retweets
19 Likes
3 Bookmarks
1 Reply
0 Quotes
🛡️ We added XWiki Platform CVE-2025-24893 & Broadcom VMware Aria Operations and VMware Tool CVE-2025-41244 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
@CISACyber
30 Oct 2025
5740 Impressions
11 Retweets
42 Likes
9 Bookmarks
1 Reply
1 Quote
🚨 XWiki CVE-2025-24893 is being actively exploited in the wild. VulnCheck Canaries observed a two-stage attack that installs a coinminer. This CVE is not in CISA KEV, showing real-world exploitation can precede official recognition. 🔗 Full report: https://t.co/WaEA1kYU6c
@VulnCheckAI
29 Oct 2025
225 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Active Exploitation Alert @TheHackersNews and @CISAgov report active exploitation of critical flaws in Dassault Systèmes DELMIA Apriso and XWiki. 💡 The CrowdSec Network detected and reported real-world weaponization of the XWiki flaw (CVE-2025-24893) as far back a
@Crowd_Security
29 Oct 2025
303 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
XWiki RCE Flaw Under Active Attack for Coinmining A critical vulnerability in XWiki (CVE-2025-24893) is actively exploited by threat actors to deploy cryptocurrency mining malware. Unpatched XWiki systems are at serious risk. Researchers at VulnCheck have documented ongoing http
@Secwiserapp
29 Oct 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A9F2AD2E-CF5D-46D1-AFB8-2E9529C8E8D4",
            "versionEndExcluding": "15.10.11",
            "versionStartIncluding": "5.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5921C493-2A56-49BC-8763-7D12518C0DC2",
            "versionEndExcluding": "16.4.1",
            "versionStartIncluding": "16.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xwiki:xwiki:5.3:-:*:*:*:*:*:*",
            "matchCriteriaId": "F5CC1FB7-2BAD-4413-9955-02E06BA27305",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xwiki:xwiki:5.3:milestone2:*:*:*:*:*:*",
            "matchCriteriaId": "067AAD11-1AB2-4688-8D81-F2464CD2FA14",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xwiki:xwiki:5.3:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "F2FCE7B4-E701-4C07-B4A9-31EC6C25F882",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]