PoC for CVE-2025-24893: XWiki's Remote Code Execution exploit for versions prior to 15.10.11, 16.4.1 and 16.5.0RC1.
Updated Aug 22, 2025 - Python
CVE-2025-24893 is a critical unauthenticated remote code execution vulnerability in XWiki (versions < 15.10.11, 16.4.1, 16.5.0RC1) caused by improper handling of Groovy expressions in the SolrSearch macro.
PoC exploits CVE-2025-24893, a remote code execution (RCE) vulnerability in XWiki caused by improper sandboxing in Groovy macros rendered asynchronously. It allows arbitrary command execution through injection into RSS-based SolrSearch endpoints.
POC exploit for CVE-2025-24893
An RCE vulnerability in XWiki was found allowing unauthenticated attackers to execute arbitrary Groovy code remotely without authentication or prior access.
This vulnerability affects XWiki Platform versions >= 5.3-milestone-2 and = 16.0.0-rc-1. Successful exploitation may result in remote code execution under the privileges of the web server, potentially exposing sensitive data or disrupting survey operations.
PoC exploit for XWiki Remote Code Execution Vulnerability (CVE-2025-24893)
🛠️ Exploit remote code execution vulnerability in XWiki through SolrSearch, affecting the platform’s security and user data integrity.