一、 漏洞 CVE-2025-24893 基础信息
漏洞信息
# 通过xwiki中的SolrSearchMacros请求以guest身份执行远程代码
N/A
神龙判断
是否为 Web 类漏洞: 是
判断理由:
是。这个漏洞存在于XWiki的服务端,允许未经身份验证的用户通过特定请求实现远程代码执行,严重影响了XWiki安装的保密性、完整性和可用性。此漏洞已被官方修复,建议用户升级到安全版本或采取临时措施进行防护。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Remote code execution as guest via SolrSearchMacros request in xwiki
来源:美国国家漏洞数据库 NVD
漏洞描述信息
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
动态执行代码中指令转义处理不恰当(Eval注入)
来源:美国国家漏洞数据库 NVD
漏洞标题
XWiki Platform 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在安全漏洞,该漏洞源于任何来宾用户都可以通过对SolrSearch的请求,造成远程代码执行。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-24893 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | XWiki Remote Code Execution (CVE-2025-24893) PoC | https://github.com/sug4r-wr41th/CVE-2025-24893 | POC详情 |
| 2 | XWiki SolrSearchMacros 远程代码执行漏洞PoC(CVE-2025-24893) | https://github.com/iSee857/CVE-2025-24893-PoC | POC详情 |
| 3 | Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity, and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 15.10.11, 16.4.1, and 16.5.0RC1. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-24893.yaml | POC详情 |
| 4 | None | https://github.com/Artemir7/CVE-2025-24893-EXP | POC详情 |
| 5 | None | https://github.com/nopgadget/CVE-2025-24893 | POC详情 |
| 6 | This is a small script for the rce vulnerability for CVE-2025-24893. It supports basic input/output | https://github.com/Kai7788/CVE-2025-24893-RCE-PoC | POC详情 |
| 7 | this is a poc for the CVE-2025-24893 | https://github.com/AliElKhatteb/CVE-2024-32019-POC | POC详情 |
| 8 | None | https://github.com/dhiaZnaidi/CVE-2025-24893-PoC | POC详情 |
| 9 | Modified exploit for CVE-2025-24893 | https://github.com/hackersonsteroids/cve-2025-24893 | POC详情 |
| 10 | PoC exploits CVE-2025-24893 , a remote code execution (RCE) vulnerability in XWiki caused by improper sandboxing in Groovy macros rendered asynchronously. It allows arbitrary command execution through injection into RSS-based SolrSearch endpoints. | https://github.com/Infinit3i/CVE-2025-24893 | POC详情 |
| 11 | PoC for CVE-2025-24893: XWiki' Remote Code Execution exploit for versions prior to 15.10.11, 16.4.1 and 16.5.0RC1. | https://github.com/gunzf0x/CVE-2025-24893 | POC详情 |
| 12 | CVE-2025-24893 is a critical unauthenticated remote code execution vulnerability in XWiki (versions < 15.10.11, 16.4.1, 16.5.0RC1) caused by improper handling of Groovy expressions in the SolrSearch macro. | https://github.com/dollarboysushil/CVE-2025-24893-XWiki-Unauthenticated-RCE-Exploit-POC | POC详情 |
| 13 | PoC | XWiki Platform 15.10.10 - Remote Code Execution | https://github.com/zs1n/CVE-2025-24893 | POC详情 |
| 14 | Proof-of-Concept exploit for CVE-2025-24893, an unauthenticated Remote Code Execution (RCE) vulnerability in XWiki. Exploits a template injection flaw in the SolrSearch endpoint via Groovy script execution. | https://github.com/investigato/cve-2025-24893-poc | POC详情 |
| 15 | PoC for CVE-2025-24893 | https://github.com/570RMBR3AK3R/xwiki-cve-2025-24893-poc | POC详情 |
| 16 | CVE-2025-24893 is a critical unauthenticated remote code execution (RCE) vulnerability in XWiki, a popular open-source enterprise wiki platform. | https://github.com/IIIeJlyXaKapToIIIKu/CVE-2025-24893-XWiki-unauthenticated-RCE-via-SolrSearch | POC详情 |
| 17 | Bash POC script for RCE vulnerability in XWiki Platform | https://github.com/mah4nzfr/CVE-2025-24893 | POC详情 |
| 18 | None | https://github.com/Th3Gl0w/CVE-2025-24893-POC | POC详情 |
| 19 | This vulnerability could allow a malicious user to execute remote code by sending appropriately crafted requests to the default search engine SolrSearch | https://github.com/Hex00-0x4/CVE-2025-24893-XWiki-RCE | POC详情 |
| 20 | POC | https://github.com/The-Red-Serpent/CVE-2025-24893 | POC详情 |
| 21 | XWiki 15.10.11, 16.4.1 and 16.5.0RC1 Unauthenticated Remote code execution POC | https://github.com/alaxar/CVE-2025-24893 | POC详情 |
| 22 | POC exploit for CVE-2025-24893 | https://github.com/D3Ext/CVE-2025-24893 | POC详情 |
| 23 | A POC for CVE-2025-24893 written in python | https://github.com/Retro023/CVE-2025-24893-POC | POC详情 |
| 24 | PoC exploit for XWiki Remote Code Execution Vulnerability (CVE-2025-24893) | https://github.com/CMassa/CVE-2025-24893 | POC详情 |
| 25 | Some poorly crafted exploit scripts | https://github.com/x0da6h/POC-for-CVE-2025-24893 | POC详情 |
| 26 | A critical remote code execution (RCE) vulnerability (CVE‑2025‑24893) exists in the XWiki Platform, specifically in the SolrSearch RSS feed endpoint. | https://github.com/ibadovulfat/CVE-2025-24893_HackTheBox-Editor-Writeup | POC详情 |
| 27 | Unauth RCE PoC for XWiki SolrSearch (CVE-2025-24893). Command exec + reverse shell. Built during process of pwning HTB “Editor” | https://github.com/torjan0/xwiki_solrsearch-rce-exploit | POC详情 |
| 28 | Reverse Shell Payload for CVE-2025-24893 | https://github.com/AzureADTrent/CVE-2025-24893-Reverse-Shell | POC详情 |
| 29 | None | https://github.com/b0ySie7e/CVE-2025-24893 | POC详情 |
| 30 | None | https://github.com/andwati/CVE-2025-24893 | POC详情 |
| 31 | CVE-2025-24893 RCE exploit for XWiki with reverse shell capability | https://github.com/Bishben/xwiki-15.10.8-reverse-shell-cve-2025-24893 | POC详情 |
| 32 | Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro | https://github.com/gotr00t0day/CVE-2025-24893 | POC详情 |
| 33 | CVE-2025-24893 exploit | https://github.com/ibrahmsql/CVE-2025-24893 | POC详情 |
| 34 | None | https://github.com/Yukik4z3/CVE-2025-24893 | POC详情 |
| 35 | None | https://github.com/rvizx/CVE-2025-24893 | POC详情 |
| 36 | None | https://github.com/Y2F05p2w/CVE-2025-24893 | POC详情 |
| 37 | XWiki Unauthenticated RCE Exploit for Reverse Shell | https://github.com/80Ottanta80/CVE-2025-24893-PoC | POC详情 |
| 38 | CVE-2025-24893 tool | https://github.com/kimtangker/CVE-2025-24893 | POC详情 |
| 39 | CVE-2025-24893 | https://github.com/B1ack4sh/Blackash-CVE-2025-24893 | POC详情 |
| 40 | CVE-2025-24893 | https://github.com/Ashwesker/Blackash-CVE-2025-24893 | POC详情 |
| 41 | None | https://github.com/0xDTC/XWiki-Platform-RCE-CVE-2025-24893 | POC详情 |
| 42 | None | https://github.com/o0wo0o/CVE-2025-24893_Shell | POC详情 |
| 43 | CVE-2025-24893 is a critical remote code execution (RCE) vulnerability in XWiki. It allows an unauthenticated attacker to send a crafted request that is improperly evaluated as code, leading to arbitrary code execution on the server and possible full system compromise. | https://github.com/WhiteDominion/CVE-2025-24893 | POC详情 |
| 44 | Proof of Concept for CVE-2025-24893 demonstrating unauthenticated remote command execution in XWiki through unsafe server-side template evaluation. | https://github.com/BreakingRohit/CVE-2025-24893-PoC | POC详情 |
| 45 | CVE-2025-24893 | https://github.com/Ashwesker/Ashwesker-CVE-2025-24893 | POC详情 |
| 46 | Unauthenticated RCE exploit for XWiki CVE-2025-24893 via Groovy script injection | https://github.com/TomKingori/xwiki-cve-2025-24893-exploit | POC详情 |
三、漏洞 CVE-2025-24893 的情报信息
标题: [XWIKI-22149] ZDI-CAN-23994: New Vulnerability Report - XWiki.org JIRA -- 🔗来源链接
标签:x_refsource_MISC
![[XWIKI-22149] ZDI-CAN-23994: New Vulnerability Report - XWiki.org JIRA](https://cvepdf.imfht.com:2443//ti_screenshot/2025-02-21/screenshot-viewport-2025-02-21T16-32-00.696Z-9c72699791fdaf98ed72.webp)
标题: Remote code execution as guest via SolrSearchMacros request · Advisory · xwiki/xwiki-platform · GitHub -- 🔗来源链接
标签:x_refsource_CONFIRM
标题: XWIKI-22149: Introduce a generic Velocity macro to set HTTP responses · xwiki/xwiki-platform@67021db · GitHub -- 🔗来源链接
标签:x_refsource_MISC
标题: xwiki-platform/xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/macros.vm at 67021db9b8ed26c2236a653269302a86bf01ef40 · xwiki/xwiki-platform · GitHub -- 🔗来源链接
标签:x_refsource_MISC
标题: xwiki-platform/xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-ui/src/main/resources/Main/SolrSearchMacros.xml at 568447cad5172d97d6bbcfda9f6183689c2cf086 · xwiki/xwiki-platform · GitHub -- 🔗来源链接
标签:x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2025-24893
四、漏洞 CVE-2025-24893 的评论
匿名用户
2026-01-15 06:08:49Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.