Company of IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2025-24893

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.

POC

Reference

- https://jira.xwiki.org/browse/XWIKI-22149

Github

- https://github.com/0xMarcio/cve

- https://github.com/0xVoodoo/PoCs

- https://github.com/20142995/nuclei-templates

- https://github.com/570RMBR3AK3R/xwiki-cve-2025-24893-poc

- https://github.com/AliElKhatteb/CVE-2024-32019-POC

- https://github.com/Artemir7/CVE-2025-24893-EXP

- https://github.com/AzureADTrent/CVE-2025-24893-Reverse-Shell

- https://github.com/Bishben/xwiki-15.10.8-reverse-shell-cve-2025-24893

- https://github.com/CMassa/CVE-2025-24893

- https://github.com/D3Ext/CVE-2025-24893

- https://github.com/Hex00-0x4/CVE-2025-24893-XWiki-RCE

- https://github.com/IIIeJlyXaKapToIIIKu/CVE-2025-24893-XWiki-unauthenticated-RCE-via-SolrSearch

- https://github.com/Infinit3i/CVE-2025-24893

- https://github.com/JacintaSyilloam/exploit-scripts

- https://github.com/Kai7788/CVE-2025-24893-RCE-PoC

- https://github.com/MartinLeNizon/ndsudo_reversed

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/Retro023/CVE-2025-24893-POC

- https://github.com/SrMeirins/HackingVault

- https://github.com/Th3Gl0w/CVE-2025-24893-POC

- https://github.com/The-Red-Serpent/CVE-2025-24893

- https://github.com/alaxar/CVE-2025-24893

- https://github.com/andwati/CVE-2025-24893

- https://github.com/b0ySie7e/CVE-2025-24893

- https://github.com/cyb3r-w0lf/nuclei-template-collection

- https://github.com/defronixpro/Defronix-Cybersecurity-Roadmap

- https://github.com/dhiaZnaidi/CVE-2025-24893-PoC

- https://github.com/dollarboysushil/CVE-2025-24893-XWiki-Unauthenticated-RCE-Exploit-POC

- https://github.com/gunzf0x/CVE-2025-24893

- https://github.com/hackersonsteroids/cve-2025-24893

- https://github.com/iSee857/CVE-2025-24893-PoC

- https://github.com/ibadovulfat/CVE-2025-24893_HackTheBox-Editor-Writeup

- https://github.com/investigato/cve-2025-24893-poc

- https://github.com/mah4nzfr/CVE-2025-24893

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/nopgadget/CVE-2025-24893

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/saad0x1/Exploits

- https://github.com/securitycipher/daily-bugbounty-writeups

- https://github.com/tanjiti/sec_profile

- https://github.com/thexnumb/thexwriteup

- https://github.com/torjan0/xwiki_solrsearch-rce-exploit

- https://github.com/x0da6h/POC-for-CVE-2025-24893

- https://github.com/yembors64632/cve_monitor_Public

- https://github.com/zs1n/CVE-2025-24893