关联漏洞
Description
POC exploit for CVE-2025-24893
介绍
# CVE-2025-24893
```
# Exploit Title: XWiki 15.10.10 - Unauthenticated Remote Code Execution
# Date: 09/08/2025
# Exploit Author: D3Ext
# Vendor Homepage: https://www.xwiki.org/
# Software Link: https://github.com/xwiki/xwiki-platform
# Version: 15.10.10
# Tested on: Kali Linux 2025
# CVE: CVE-2025-24893
```
## Explanation
This repository contains a POC (Proof of Concept) of the CVE-2025-24893 vulnerability, which affects to XWiki 15.10.10 version. XWiki includes a macro called SolrSearch (defined in Main.SolrSearchMacros) enabling full-text search through the engine. The vulnerability stems from the way this macro evaluates search parameters in Groovy, failing to sanitize or restrict malicious input. Thus, unauthenticated attackers are able to execute arbitrary Groovy code remotely without authentication or prior access.
Vulnerable path:
`/xwiki/bin/view/Main/SolrSearchMacros?search=...`
## Usage
```
usage: CVE-2025-24893.py [-h] --url URL --command COMMAND
XWiki 15.10.10 - Unauthenticated Remote Code Execution (RCE)
options:
-h, --help show this help message and exit
--url URL URL of the web root
--command COMMAND command to execute
```
## Demo
<img src="demo.png">
## References
```
https://nvd.nist.gov/vuln/detail/CVE-2025-24893
https://www.offsec.com/blog/cve-2025-24893/
https://www.wiz.io/vulnerability-database/cve/cve-2025-24893
https://www.incibe.es/en/incibe-cert/early-warning/vulnerabilities/cve-2025-24893
```
## License
This project is under [MIT](https://github.com/D3Ext/CVE-2024-25641/blob/main/LICENSE) license
Copyright © 2025, *D3Ext*
文件快照
[4.0K] /data/pocs/abb3d17c0cc23a239a71ee997ea29794dd7dc1cd
├── [2.0K] CVE-2025-24893.py
├── [ 21K] demo.png
├── [1.0K] LICENSE
└── [1.6K] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。