Remote code execution as guest via SolrSearchMacros request in xwiki 漏洞信息(CVE-2025-24893)

一、漏洞 CVE-2025-24893 基础信息

漏洞信息

                                        # 通过xwiki中的SolrSearchMacros请求以guest身份执行远程代码

N/A

提示

尽管我们采用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确，但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利！

漏洞标题

Remote code execution as guest via SolrSearchMacros request in xwiki

来源：美国国家漏洞数据库 NVD

漏洞描述信息

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.

来源：美国国家漏洞数据库 NVD

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

来源：美国国家漏洞数据库 NVD

漏洞类别

动态执行代码中指令转义处理不恰当(Eval注入)

来源：美国国家漏洞数据库 NVD

漏洞标题

XWiki Platform 安全漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在安全漏洞，该漏洞源于任何来宾用户都可以通过对SolrSearch的请求，造成远程代码执行。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

其他

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2025-24893 的公开POC

#	POC 描述	源链接	神龙链接
1	XWiki Remote Code Execution (CVE-2025-24893) PoC	https://github.com/sug4r-wr41th/CVE-2025-24893	POC详情
2	XWiki SolrSearchMacros 远程代码执行漏洞PoC（CVE-2025-24893）	https://github.com/iSee857/CVE-2025-24893-PoC	POC详情
3	Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity, and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 15.10.11, 16.4.1, and 16.5.0RC1.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-24893.yaml	POC详情
4	None	https://github.com/Artemir7/CVE-2025-24893-EXP	POC详情
5	None	https://github.com/nopgadget/CVE-2025-24893	POC详情
6	This is a small script for the rce vulnerability for CVE-2025-24893. It supports basic input/output	https://github.com/Kai7788/CVE-2025-24893-RCE-PoC	POC详情
7	this is a poc for the CVE-2025-24893	https://github.com/AliElKhatteb/CVE-2024-32019-POC	POC详情
8	None	https://github.com/dhiaZnaidi/CVE-2025-24893-PoC	POC详情
9	Modified exploit for CVE-2025-24893	https://github.com/hackersonsteroids/cve-2025-24893	POC详情
10	PoC exploits CVE-2025-24893 , a remote code execution (RCE) vulnerability in XWiki caused by improper sandboxing in Groovy macros rendered asynchronously. It allows arbitrary command execution through injection into RSS-based SolrSearch endpoints.	https://github.com/Infinit3i/CVE-2025-24893	POC详情
11	PoC for CVE-2025-24893: XWiki' Remote Code Execution exploit for versions prior to 15.10.11, 16.4.1 and 16.5.0RC1.	https://github.com/gunzf0x/CVE-2025-24893	POC详情
12	CVE-2025-24893 is a critical unauthenticated remote code execution vulnerability in XWiki (versions < 15.10.11, 16.4.1, 16.5.0RC1) caused by improper handling of Groovy expressions in the SolrSearch macro.	https://github.com/dollarboysushil/CVE-2025-24893-XWiki-Unauthenticated-RCE-Exploit-POC	POC详情
13	PoC \| XWiki Platform 15.10.10 - Remote Code Execution	https://github.com/zs1n/CVE-2025-24893	POC详情
14	Proof-of-Concept exploit for CVE-2025-24893, an unauthenticated Remote Code Execution (RCE) vulnerability in XWiki. Exploits a template injection flaw in the SolrSearch endpoint via Groovy script execution.	https://github.com/investigato/cve-2025-24893-poc	POC详情
15	PoC for CVE-2025-24893	https://github.com/570RMBR3AK3R/xwiki-cve-2025-24893-poc	POC详情
16	CVE-2025-24893 is a critical unauthenticated remote code execution (RCE) vulnerability in XWiki, a popular open-source enterprise wiki platform.	https://github.com/IIIeJlyXaKapToIIIKu/CVE-2025-24893-XWiki-unauthenticated-RCE-via-SolrSearch	POC详情
17	Bash POC script for RCE vulnerability in XWiki Platform	https://github.com/mah4nzfr/CVE-2025-24893	POC详情
18	None	https://github.com/Th3Gl0w/CVE-2025-24893-POC	POC详情
19	This vulnerability could allow a malicious user to execute remote code by sending appropriately crafted requests to the default search engine SolrSearch	https://github.com/Hex00-0x4/CVE-2025-24893-XWiki-RCE	POC详情
20	POC	https://github.com/The-Red-Serpent/CVE-2025-24893	POC详情
21	XWiki 15.10.11, 16.4.1 and 16.5.0RC1 Unauthenticated Remote code execution POC	https://github.com/alaxar/CVE-2025-24893	POC详情
22	POC exploit for CVE-2025-24893	https://github.com/D3Ext/CVE-2025-24893	POC详情
23	A POC for CVE-2025-24893 written in python	https://github.com/Retro023/CVE-2025-24893-POC	POC详情
24	PoC exploit for XWiki Remote Code Execution Vulnerability (CVE-2025-24893)	https://github.com/CMassa/CVE-2025-24893	POC详情
25	Some poorly crafted exploit scripts	https://github.com/x0da6h/POC-for-CVE-2025-24893	POC详情
26	A critical remote code execution (RCE) vulnerability (CVE‑2025‑24893) exists in the XWiki Platform, specifically in the SolrSearch RSS feed endpoint.	https://github.com/ibadovulfat/CVE-2025-24893_HackTheBox-Editor-Writeup	POC详情
27	Unauth RCE PoC for XWiki SolrSearch (CVE-2025-24893). Command exec + reverse shell. Built during process of pwning HTB “Editor”	https://github.com/torjan0/xwiki_solrsearch-rce-exploit	POC详情
28	Reverse Shell Payload for CVE-2025-24893	https://github.com/AzureADTrent/CVE-2025-24893-Reverse-Shell	POC详情
29	None	https://github.com/b0ySie7e/CVE-2025-24893	POC详情
30	None	https://github.com/andwati/CVE-2025-24893	POC详情
31	CVE-2025-24893 RCE exploit for XWiki with reverse shell capability	https://github.com/Bishben/xwiki-15.10.8-reverse-shell-cve-2025-24893	POC详情
32	Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro	https://github.com/gotr00t0day/CVE-2025-24893	POC详情
33	CVE-2025-24893 exploit	https://github.com/ibrahmsql/CVE-2025-24893	POC详情
34	None	https://github.com/Yukik4z3/CVE-2025-24893	POC详情
35	None	https://github.com/rvizx/CVE-2025-24893	POC详情
36	None	https://github.com/Y2F05p2w/CVE-2025-24893	POC详情

三、漏洞 CVE-2025-24893 的情报信息

标题： [XWIKI-22149] ZDI-CAN-23994: New Vulnerability Report - XWiki.org JIRA -- 🔗来源链接

标签： x_refsource_MISC
标题： Remote code execution as guest via SolrSearchMacros request · Advisory · xwiki/xwiki-platform · GitHub -- 🔗来源链接

标签： x_refsource_CONFIRM
标题： XWIKI-22149: Introduce a generic Velocity macro to set HTTP responses · xwiki/xwiki-platform@67021db · GitHub -- 🔗来源链接

标签： x_refsource_MISC
标题： xwiki-platform/xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/macros.vm at 67021db9b8ed26c2236a653269302a86bf01ef40 · xwiki/xwiki-platform · GitHub -- 🔗来源链接

标签： x_refsource_MISC
标题： xwiki-platform/xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-ui/src/main/resources/Main/SolrSearchMacros.xml at 568447cad5172d97d6bbcfda9f6183689c2cf086 · xwiki/xwiki-platform · GitHub -- 🔗来源链接

标签： x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2025-24893