This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: Unauthenticated Remote Code Execution (RCE) in XWiki Platform via `SolrSearch`. **Consequences**: Complete system compromise. …
**Root Cause**: CWE-95 (Improper Neutralization of Special Elements in Code). The `SolrSearchMacros` component fails to properly sanitize user input, allowing template injection that leads to code execution.
Q3: Who is affected? (Versions/Components)
**Affected Versions**:
• XWiki Platform >= 5.3-milestone-2, < 15.10.11
• XWiki Platform >= 16.0.0-rc-1, < 16.4.1
• All versions prior to the fixed releases listed above.
Q4: What can hackers do? (Privileges/Data)
**Attacker Capabilities**: An unauthenticated guest can run **any** system command on the server. This includes reading sensitive files, stealing database credentials, installing backdoors, or pivoting to internal networks. …
**Public Exploits**: **YES**. Multiple PoCs and full exploits are available on GitHub (e.g., `CVE-2025-24893.py`). Automated scanning templates (Nuclei) are also public. In-the-wild exploitation is highly likely.
Q7: How to self-check? (Features/Scanning)
**Self-Check**:
1. Use the Nuclei template `CVE-2025-24893.yaml`.
2. Check whether your XWiki version is in the affected range.
3. Check whether the `SolrSearch` endpoint is reachable without authentication.
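An added example for step 2 of the self-check (this is not code from the analysis page or from the XWiki project): a small Python helper that parses XWiki version strings and tests them against the two affected ranges quoted in Q3. The hostnames and versions in the sample inventory are constructed. The ordering of pre-release qualifiers (milestone before rc before the final release) is an assumption based on Maven-style versioning; the page itself does not state it.

```python
import re

# Affected ranges as stated in the analysis: lower bound inclusive,
# upper bound (the first fixed release) exclusive.
AFFECTED_RANGES = [
    ("5.3-milestone-2", "15.10.11"),
    ("16.0.0-rc-1", "16.4.1"),
]

# Pre-release qualifiers sort before the final release; milestones come
# before release candidates. This Maven-style ordering is an assumption.
_QUALIFIER_RANK = {"milestone": 0, "rc": 1}
_FINAL_RANK = 2

_VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)\s*-?\s*(?:(milestone|rc)\s*-?\s*(\d+))?$", re.IGNORECASE
)


def parse_version(text):
    """Turn an XWiki version string into a comparable tuple.

    Accepts forms such as "15.10.11", "5.3-milestone-2", "16.0.0-rc-1"
    and "16.5.0RC1". Returns (major, minor, patch, qualifier_rank, qualifier_no).
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised XWiki version string: {text!r}")
    numbers = [int(part) for part in match.group(1).split(".")]
    if len(numbers) > 3:
        raise ValueError(f"more than three numeric components: {text!r}")
    numbers += [0] * (3 - len(numbers))  # "5.3" is treated as 5.3.0
    qualifier = (match.group(2) or "").lower()
    rank = _QUALIFIER_RANK.get(qualifier, _FINAL_RANK)
    qualifier_no = int(match.group(3)) if match.group(3) else 0
    return tuple(numbers) + (rank, qualifier_no)


def is_affected(version):
    """Return True when `version` falls inside one of the affected ranges."""
    parsed = parse_version(version)
    return any(
        parse_version(low) <= parsed < parse_version(high)
        for low, high in AFFECTED_RANGES
    )


def triage(inventory):
    """Map each host name to a patch-status string for its XWiki version."""
    return {
        host: "AFFECTED - patch now" if is_affected(version) else "not in affected range"
        for host, version in inventory.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    sample_inventory = {
        "wiki-prod-01": "15.10.10",
        "wiki-prod-02": "16.4.0",
        "wiki-staging": "16.4.1",
        "wiki-legacy": "5.3-milestone-1",
    }
    for host, status in triage(sample_inventory).items():
        print(f"{host:14s} {sample_inventory[host]:18s} {status}")
```

Because the check is range-based rather than "less than the newest release", a host on 16.4.1 or 16.5.0RC1 is reported as outside the affected range, matching the fixed releases listed in Q8, while a 16.0.0-rc-1 build is still flagged. Feed it the version string reported by your XWiki instance rather than a guess from the installer name.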
Q8: Is it fixed officially? (Patch/Mitigation)
**Official Fix**: **YES**. Patched in:
• **15.10.11**
• **16.4.1**
• **16.5.0RC1**
Update immediately to these versions or later.
Q9: What if no patch? (Workaround)
**No Patch Workaround**:
1. **Block Access**: Restrict access to the `SolrSearch` endpoint via WAF or firewall rules.
2. **Disable Solr**: If not needed, disable the Solr search module.
3. …