Remote Code Execution Vulnerability in XWiki Platform by XWiki SAS
CVE-2025-24893

9.8 CRITICAL

Key Information:

Vendor: XWiki (XWiki SAS)
CVE Published: 20 February 2025

Badges

📈 Score: 751 · 💰 Ransomware · 👾 Exploit Exists · 🟡 Public PoC · 🟣 EPSS 94% · 🦅 CISA Reported · 📰 News Worthy

What is CVE-2025-24893?

CVE-2025-24893 is a critical remote code execution vulnerability in the XWiki Platform, the widely used open-source wiki engine developed by XWiki SAS for building collaborative content and applications. Any unauthenticated ("guest") user who can reach the wiki can execute arbitrary code on the server with a single crafted request to the SolrSearch page (Main.SolrSearch), which is reachable by guests unless the wiki's default view rights have been locked down. The flaw is an injection: user-controlled search text is rendered as wiki syntax in that page without proper escaping, so an attacker can smuggle in script macro content that the server evaluates. Because XWiki runs a page's script macros with the rights of the page's author, and Main.SolrSearch ships authored by a privileged account, the injected code executes inside the wiki's JVM with full programming rights and the privileges of the servlet container process. Successful exploitation therefore compromises the confidentiality, integrity and availability of the whole XWiki installation: the attacker can read or modify any wiki content, persist a web shell or a cryptominer on the host, and pivot further into the network. Upgrading to the fixed releases listed below (15.10.11 for the 15.x line, 16.4.1 for 16.x) is the remediation; the vendor advisory also describes a manual edit of the Main.SolrSearch page as a stop-gap for installations that cannot upgrade immediately.

Potential impact of CVE-2025-24893

  1. Unauthorized Access and Data Manipulation: An attacker needs no account to exploit this vulnerability and ends up executing arbitrary code as the XWiki server process. From there they can create or modify wiki content, escalate to any wiki account, and alter or destroy data stored in the wiki, defeating its integrity guarantees.

  2. Service Disruption: Arbitrary code execution also gives an attacker the ability to crash or overload the server, or to consume its resources with a cryptominer (the activity reported in the news items below), disrupting availability for organizations that rely on the wiki for day-to-day collaboration.

  3. Compromise of Sensitive Information: XWiki installations often hold internal documentation, credentials and customer data. An attacker with code execution can exfiltrate all of it, including restricted spaces and the wiki's configuration and database credentials, leading to data breaches, compliance violations and reputational damage.

CISA has reported CVE-2025-24893

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-24893 as being exploited in the wild (it is listed in the Known Exploited Vulnerabilities catalog), but does not currently mark it as known to be used in ransomware campaigns. This may change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

xwiki-platform >= 5.3-milestone-2, < 15.10.11 (fixed in 15.10.11)

xwiki-platform >= 16.0.0-rc-1, < 16.4.1 (fixed in 16.4.1)
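The two ranges above are the whole affected set, but comparing XWiki version strings by hand is error-prone because pre-release qualifiers (5.3-milestone-2, 16.0.0-rc-1, 16.5.0RC1) sort before the final release of the same number. The following triage helper is an added example, not XWiki's own tooling: it parses XWiki version strings into a sortable form, checks them against the ranges listed on this page, and names the release that fixes each affected host. The host inventory at the bottom is constructed for the demonstration; in practice the version comes from your asset inventory, the wiki footer, or the XWiki REST root resource.

```python
"""Triage helper for CVE-2025-24893: flag XWiki versions inside the affected
ranges listed on this page and name the release that fixes them."""
import re

# Affected ranges from the page, as half-open intervals [introduced, fixed).
AFFECTED_RANGES = [
    ("5.3-milestone-2", "15.10.11"),
    ("16.0.0-rc-1", "16.4.1"),
]

# Pre-release qualifiers sort before the final release of the same number:
# 16.0.0-milestone-1 < 16.0.0-rc-1 < 16.0.0
_QUALIFIER_RANK = {"milestone": 0, "rc": 1}
_FINAL_RANK = 2

_VERSION_RE = re.compile(
    r"^(?P<nums>\d+(?:\.\d+)*)"                       # 15.10.11 or 5.3
    r"(?:-?(?P<qual>milestone|rc)-?(?P<qn>\d+))?$",   # -milestone-2, -rc-1, RC1
    re.IGNORECASE,
)


def parse_version(text):
    """Turn an XWiki version string into a tuple that compares correctly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    nums = [int(n) for n in m.group("nums").split(".")]
    nums += [0] * (3 - len(nums))  # 5.3 -> 5.3.0 so tuples line up
    if m.group("qual"):
        return (tuple(nums), _QUALIFIER_RANK[m.group("qual").lower()], int(m.group("qn")))
    return (tuple(nums), _FINAL_RANK, 0)


def is_affected(version):
    """Return (affected, fixing_release_or_None) for one version string."""
    v = parse_version(version)
    for introduced, fixed in AFFECTED_RANGES:
        if parse_version(introduced) <= v < parse_version(fixed):
            return True, fixed
    return False, None


def triage(inventory):
    """Map {host: version} to a sorted list of (host, version, fix) for affected hosts."""
    findings = []
    for host, version in sorted(inventory.items()):
        affected, fix = is_affected(version)
        if affected:
            findings.append((host, version, fix))
    return findings


if __name__ == "__main__":
    # Constructed inventory for the demonstration; the hostnames are not real.
    inventory = {
        "wiki-legacy.example.internal": "14.10.21",
        "wiki-prod.example.internal": "16.4.0",
        "wiki-staging.example.internal": "16.5.0RC1",
        "wiki-patched.example.internal": "15.10.11",
    }
    for host, version, fix in triage(inventory):
        print(f"{host}: {version} is affected by CVE-2025-24893, upgrade to {fix}")
```

Note that 15.10.11 and 16.4.1 themselves are reported as not affected because the ranges are half-open: the upper bound is the first fixed release. A 16.x wiki below 16.4.1 is not helped by the 15.10.11 fix, which is why the helper reports the fixing release per range rather than a single "latest" version.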

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. Once a PoC is public it is also the main building block for weaponization: the mass cryptomining campaigns reported below followed from it, and the same path leads to ransomware.

News Articles

Hackers Hijack Corporate XWiki Servers for Crypto Mining

A critical security flaw is being actively exploited by cybercriminals to compromise corporate XWiki servers for cryptomining. This is an urgent threat targeting unpatched installations of the open-source...

6 days ago

CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code

CISA has issued an urgent warning about a severe injection vulnerability in the XWiki Platform, designated as CVE-2025-24893.

6 days ago

EPSS Score

94% probability of exploitation activity in the next 30 days.

CVSS V3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🦅 CISA Reported
  • 💰 Used in Ransomware
  • 📰 First article discovered by The Hacker News
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved
