Summary
A Proof of Concept (PoC) is available for CVE-2025-24893 – already fixed by the vendor – present in XWiki, a well-known open source collaborative platform.
This vulnerability could allow an attacker to achieve remote code execution by sending specially crafted requests to SolrSearch, the platform's default search engine.
Risk
Estimate of the impact of the vulnerability on the reference community (1): High (72.82)
Type
- Remote Code Execution
Affected products and/or versions
XWiki
- from version 5.3-milestone-2 to 15.10.11
- from version 16.0.0-rc-1 to 16.4.1
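To check an installed XWiki version against the two affected ranges listed above, the following Python helper is an added example and not part of the advisory; it assumes XWiki's usual release ordering, in which milestones precede release candidates, which precede the final release, and that a two-part version such as 5.3 is equivalent to 5.3.0.

```python
import re
from typing import Tuple

# Affected ranges exactly as stated in the advisory (both bounds inclusive).
AFFECTED_RANGES = [
    ("5.3-milestone-2", "15.10.11"),
    ("16.0.0-rc-1", "16.4.1"),
]

# Assumed pre-release ordering: milestone < rc < final release.
_QUALIFIER_RANK = {"milestone": 0, "rc": 1}
_FINAL_RANK = 2


def parse_version(version: str) -> Tuple[Tuple[int, ...], int, int]:
    """Turn an XWiki version string into a key that sorts in release order.

    Returns (numeric parts, qualifier rank, qualifier number).
    Final releases get the highest rank so that 16.0.0-rc-1 < 16.0.0;
    numeric parts are zero-padded to three components so that 5.3 == 5.3.0.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(milestone|rc)-(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version string: {version!r}")
    nums = tuple(int(part) for part in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))
    if m.group(2) is None:
        return nums, _FINAL_RANK, 0
    return nums, _QUALIFIER_RANK[m.group(2)], int(m.group(3))


def is_affected(version: str) -> bool:
    """True if the given XWiki version falls inside any affected range."""
    key = parse_version(version)
    return any(
        parse_version(low) <= key <= parse_version(high)
        for low, high in AFFECTED_RANGES
    )


if __name__ == "__main__":
    # Constructed sample inventory, one version string per line.
    for v in ["15.10.11", "15.10.12", "16.0.0-rc-1", "16.4.1", "16.4.2"]:
        print(f"{v:14s} affected={is_affected(v)}")
```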
Mitigation actions
If not already done, it is recommended to promptly update the vulnerable products to the latest available version.
References
https://github.com/advisories/GHSA-rr6p-3pfg-562j
https://jira.xwiki.org/browse/XWIKI-22149
(1) This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and prevalence of the affected software/devices in the reference community.