CVE-2025-24893 PoC — XWiki Platform 安全漏洞

Source

https://github.com/sug4r-wr41th/CVE-2025-24893

Associated Vulnerability

Title:XWiki Platform 安全漏洞 (CVE-2025-24893)
Description:XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在安全漏洞，该漏洞源于任何来宾用户都可以通过对SolrSearch的请求，造成远程代码执行。

Description

XWiki Remote Code Execution (CVE-2025-24893) PoC

Readme

# CVE-2024-4577

XWiki is a generic wiki platform offering runtime services for applications built on top of it. Not authenticated guest user can perform arbitrary remote code execution through a request to the `SolrSearch` end point.

# Usage

```
usage:  CVE-2025-24893.py [-h] [-v] URL COMMAND

XWiki SolrSearchMacros Remote Code Execution (CVE-2025-24893) PoC. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-24893

positional arguments:
  URL            target address
  COMMAND        command to execute e.g. Runtime.getRuntime().exec('calc')

optional arguments:
  -h, --help     show this help message and exit
  -v, --version  show program's version number and exit
```

File Snapshot


 [4.0K]  /data/pocs/d59c7edb22df26a2a9e7761b758cd09fb7e3c8f4
├── [ 763]   CVE-2025-24893.py
├── [1.0K]  LICENSE
└── [ 684]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!