CVE-2025-24893 Scanner

CVE-2025-24893 Scanner - Remote Code Execution (RCE) vulnerability in XWiki Platform

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 26 days 5 hours
Scan only one: URL
Toolbox: -

XWiki Platform is a widely used open-source wiki platform deployed by companies and organizations for collaborative work and document sharing. It is used in corporate environments, educational institutions, and communities around the world to build and manage knowledge bases, project documentation, and community support sites. The platform supports extensions and customizations that extend its functionality, and administrators and developers use it to manage content and integrate with other systems. XWiki is valued for structuring and presenting information efficiently while offering fine-grained access control; this flexibility and extensibility make it a popular choice wherever a robust content management system is needed.

The Remote Code Execution (RCE) vulnerability in XWiki Platform allows unauthenticated users to execute arbitrary code on the server hosting the application. It is particularly severe because it compromises the server's integrity and data confidentiality and can lead to a full takeover of the affected wiki instance. Attackers can exploit it to run unauthorized commands and scripts remotely, with serious consequences for organizations that rely on XWiki for secure documentation and collaboration. The issue lies in the SolrSearch feature, which handles input data inadequately and thereby opens an unauthorized execution path. The vulnerability is critical because, once the endpoint is identified, it takes little attacker effort to exploit, potentially affecting numerous instances globally.

The vulnerability exists in the SolrSearch feature of the XWiki Platform, where crafted requests can result in the execution of arbitrary Groovy code. The endpoint `{{BaseURL}}/bin/get/Main/SolrSearch` is exploited by passing specially formatted code in the query parameters, ultimately leading to server-side command execution. The root cause is inadequate validation and sanitization of input data, in particular the `media` and `text` parameters, which, when processed, can trigger execution of the injected code. The attack vector relies on the server-side interpreter that executes Groovy scripts, allowing an attacker to specify and run commands such as reading sensitive files. The complexity is low and minimal skill is needed, which widens the risk to every unpatched system.
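As a defender-side illustration added here (not part of this scanner page or of XWiki itself), the following Python scans web-server access-log lines for requests to the `/bin/get/Main/SolrSearch` endpoint whose `text` or `media` query parameters carry XWiki wiki-macro syntax (`{{name}} ... {{/name}}`), which a legitimate search string would not contain. The log lines are constructed samples, and the assumption that injected Groovy arrives wrapped in a `{{groovy}}` macro is mine rather than something the page states.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
# Line 2 carries a redacted macro body in the `text` parameter; line 3 hits a
# different page and must not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2025:10:00:01 +0000] "GET /bin/get/Main/SolrSearch?media=rss&text=installation+guide HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Mar/2025:10:00:07 +0000] "GET /bin/get/Main/SolrSearch?media=rss&text=%7B%7Bgroovy%7D%7D%5BREDACTED%5D%7B%7B%2Fgroovy%7D%7D HTTP/1.1" 200 4096 "-" "curl/8.5.0"
10.0.0.7 - - [01/Mar/2025:10:00:09 +0000] "GET /bin/view/Main/WebHome?text=%7B%7Binfo%7D%7Dhi%7B%7B%2Finfo%7D%7D HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# XWiki macro opener or closer: {{name ...}} or {{/name}}; captures the macro name.
MACRO_RE = re.compile(r"\{\{\s*/?\s*([A-Za-z][\w-]*)")
SOLR_PATH = "/bin/get/Main/SolrSearch"   # endpoint named on the page; may sit under a context root
WATCHED_PARAMS = ("text", "media")      # parameters the page identifies as unsanitized


def inspect_request(target):
    """Return [(param, macro_name), ...] when a SolrSearch request carries macro syntax, else []."""
    parts = urlsplit(target)
    if not parts.path.endswith(SOLR_PATH):
        return []
    qs = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name in WATCHED_PARAMS:
        for value in qs.get(name, []):
            # parse_qs decodes once; decode again to catch double-encoded delimiters.
            for macro in MACRO_RE.findall(unquote(value)):
                hits.append((name, macro.lower()))
    return hits


def scan_log(text):
    """Parse each log line and return one alert dict per suspicious SolrSearch request."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = inspect_request(m["target"])
        if hits:
            alerts.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"],
                           "macros": sorted(set(hits))})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

A request body is not in the access log, so POST traffic to the same endpoint needs the same check applied at a proxy or WAF that sees the body.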

If this vulnerability is exploited by malicious actors, it can lead to a complete compromise of the affected XWiki instance. Critical outcomes include unauthorized access to sensitive data, unauthorized administrative actions, and the deployment of persistent backdoors. Malicious code execution can destroy or manipulate data, disrupt operations, and escalate privileges within the compromised server's network. Organizations relying on XWiki for internal and external communication risk highly damaging breaches that may require extensive resources to remediate. In the worst case, an attacker could gain control over other connected systems, extending the attack's impact well beyond the initial XWiki platform.
