CVE-2025-24893 PoC — XWiki Platform 安全漏洞

Source

Associated Vulnerability

Description

This vulnerability could allow a malicious user to execute remote code by sending appropriately crafted requests to the default search engine SolrSearch

Readme

## 📜 **Description**

A **critical RCE vulnerability** exists in **XWiki** that allows **unauthenticated attackers** to execute arbitrary system commands via vulnerable API endpoints.  
Exploitation can result in:  

- **Full server takeover**  
- **Data theft or destruction**  
- **Pivoting into internal networks**  

---

## 💥 **Impact**

- **Complete compromise** of the affected XWiki instance and underlying OS.  
- **Loss of confidentiality, integrity, and availability**.  

---

## 🛠 **Fix / Mitigation**

- **Upgrade** to the latest patched version (****).  
- **Restrict** or disable vulnerable API endpoints.  
- Apply **WAF rules** to block malicious payloads.

## Exploitation:

## SHODAN DORK : ``` http.title:"XWiki" ```


<img width="1900" height="336" alt="Screenshot 2025-08-08 111156" src="https://github.com/user-attachments/assets/078abbf0-4012-4798-8c8f-5abcd9f7df3c" />

## Usage:

``` git clone https://github.com/Hex00-0x4/CVE-2025-24893-XWiki-RCE.git ```

```cd CVE-2025-24893-XWiki-RCE ```

```python3 CVE-2025-24893.py```


<img width="1477" height="742" alt="Screenshot 2025-08-08 111415" src="https://github.com/user-attachments/assets/b1e4d6d0-b1d7-4561-bbce-ce98c0e64ee0" />

File Snapshot

 [4.0K]  /data/pocs/a32b762d56d5ec03e1e2f7b066e12d8e7ff065d4
├── [3.3K]  CVE-2025-24893.py
├── [1.0K]  LICENSE
└── [1.2K]  README.md

0 directories, 3 files

Remarks