module
Remote Code Execution Vulnerability in XWiki Platform (CVE-2025-24893)
| Disclosed |
|---|
| Feb 20, 2025 |
Disclosed
Feb 20, 2025
Description
This module exploits a template injection vulnerability in the the XWiki Platform.
XWiki includes a macro called SolrSearch (defined in Main.SolrSearchMacros) that enables full-text search through the embedded Solr engine.
The vulnerability stems from the way this macro evaluates search parameters in Groovy, failing to sanitize or restrict malicious input.
This vulnerability affects XWiki Platform versions >= 5.3-milestone-2 and = 16.0.0-rc-1 and
Successful exploitation may result in the remote code execution under the privileges
of the web server, potentially exposing sensitive data or disrupting survey operations.
An attacker can execute arbitrary system commands in the context of the user running the web server.
XWiki includes a macro called SolrSearch (defined in Main.SolrSearchMacros) that enables full-text search through the embedded Solr engine.
The vulnerability stems from the way this macro evaluates search parameters in Groovy, failing to sanitize or restrict malicious input.
This vulnerability affects XWiki Platform versions >= 5.3-milestone-2 and = 16.0.0-rc-1 and
Successful exploitation may result in the remote code execution under the privileges
of the web server, potentially exposing sensitive data or disrupting survey operations.
An attacker can execute arbitrary system commands in the context of the user running the web server.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.