CVE-2025-24893

Remote code execution as guest via SolrSearchMacros request in xwiki

CVSS 9.8 CRITICAL · EPSS 99.9% · KEV · CWE-95
Summary

Any visitor to an XWiki site can execute arbitrary code on the server without logging in, by sending a specially crafted request to the search feature. This completely compromises the confidentiality, integrity and availability of the whole installation.

Technical detail

The SolrSearch macro does not properly sanitize the user-supplied `text` parameter before evaluating it as code, allowing unauthenticated attackers to inject and execute arbitrary Groovy code on the server. The vulnerability lies in the response mechanism, which outputs the feed content without proper escaping and without restricting the content type.

Summary generated and translated by AI from the official description.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.
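As an added example (not part of this record or of XWiki's own code), a defender-side check that scans web-server access logs for the exploitation pattern the advisory describes: requests to the `SolrSearch` page whose percent-decoded `text` parameter opens a wiki macro such as `{{async}}` or `{{groovy}}`. The log lines are constructed, and matching any `/bin/<action>/Main/SolrSearch` path is an assumption.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines in "combined" format (not real traffic); the first
# request reuses the advisory's reproduction URL, with its quotes percent-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2025:12:00:01 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28%22Hello%20from%22%20%2B%20%22%20search%20text%3A%22%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20 HTTP/1.1" 200 2311
198.51.100.7 - - [10/Feb/2025:12:00:05 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=release+notes HTTP/1.1" 200 1890
198.51.100.9 - - [10/Feb/2025:12:00:09 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 5120
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# The SolrSearch page under any action (get/view/...); the action segment is an assumption.
SOLRSEARCH_RE = re.compile(r"/bin/\w+/Main/SolrSearch(?:/|$)", re.IGNORECASE)
# An XWiki macro opener such as {{groovy}} or {{async ...}}; closers like {{/groovy}} are skipped.
MACRO_RE = re.compile(r"\{\{\s*(\w+)")


def injected_macros(text):
    """Names of wiki macros opened inside a search term. A genuine search term has
    no reason to contain macro syntax, so any hit is worth an alert."""
    return [name.lower() for name in MACRO_RE.findall(text)]


def scan_log(log):
    """Return one record per SolrSearch request whose decoded `text` opens a macro."""
    hits = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not SOLRSEARCH_RE.search(parts.path):
            continue
        # parse_qs percent-decodes, so %7D%7D%7D%7B%7B becomes }}}{{ before matching.
        for text in parse_qs(parts.query).get("text", []):
            macros = injected_macros(text)
            if macros:
                hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "status": m.group("status"), "macros": macros})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} status={hit['status']} macros={hit['macros']}")
```

A status of 200 on a flagged request means the injected macro was rendered, so such hits should be treated as likely successful exploitation rather than a blocked attempt.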
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
xwiki · xwiki-platform
Public PoCs found: 41
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
