CVE-2025-24893 PoC — XWiki Platform 安全漏洞

Source

Associated Vulnerability

Description

POC

Readme

# PoC for CVE-2025-24893 — XWiki Remote Code Execution (Safe PoC)

**PoC for CVE-2025-24893:** XWiki' Remote Code Execution exploit for versions prior to **15.10.11**, **16.4.1** and **16.5.0RC1**.

> ⚠️ **IMPORTANT — AUTHORIZED TESTING ONLY**  
> This repository contains a *proof-of-concept* (PoC) project intended for **educational** and **authorized vulnerability testing**. Do **not** use any exploit code or techniques against systems you do not own or do not have explicit written permission to test. Unauthorized use may be illegal.

---

## Overview

- **CVE:** CVE-2025-24893  
- **Product:** XWiki Platform  
- **Affected versions (reported):** versions prior to **15.10.11**, **16.4.1**, and **16.5.0RC1**.  
- **Impact:** Remote Code Execution (RCE) via code (Groovy) injection when certain endpoints render untrusted content.  
- **PoC intent:** Demonstrate that arbitrary code execution is possible in a controlled environment — *this README and associated scripts are sanitized for safe, responsible use*.

---

## What this repository provides (safe mode)

- A **non-destructive PoC script** that demonstrates how an RCE condition might be triggered, **without** containing working exploit payloads (no reverse shells, no malicious one-liners).  
- A robust **test harness** for sending benign commands (e.g. `uname -a`, `echo "POC OK"`) to a target XWiki instance you control.  

---

## Requirements

- Python 3.8+  
- `requests` Python package:
```bash
pip install requests

File Snapshot

 [4.0K]  /data/pocs/ad313b58525fa5dda7a4efafbd4b9a1c9b078857
├── [2.9K]  exploit.py
├── [1.0K]  LICENSE
└── [1.5K]  README.md

0 directories, 3 files

Remarks