PT-2025-7547 · Xwiki · Xwiki Platform

John Kwak · Published 2024-05-06 · Updated 2025-11-13 · CVE-2025-24893

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

XWiki versions prior to 15.10.11
XWiki versions prior to 16.4.1
XWiki versions prior to 16.5.0RC1
XWiki versions 5.3-milestone-2 through 15.10.10
XWiki versions 16.0.0-rc-1 through 16.4.0
Description

XWiki Platform allows any unauthenticated user to execute arbitrary code remotely through a crafted request to the SolrSearch endpoint. This impacts the confidentiality, integrity, and availability of the entire XWiki installation. The vulnerability stems from a failure to sanitize input within the SolrSearchMacros component, specifically when handling RSS feed data. Attackers can inject and execute Groovy code via the SolrSearch macro, potentially gaining full control of the system. This flaw has been actively exploited in the wild, with reports of attackers deploying cryptocurrency miners. The vulnerable parameter is text within the SolrSearch request. The SolrSearch endpoint is located at /xwiki/bin/get/Main/SolrSearch.
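The advisory names the endpoint (/xwiki/bin/get/Main/SolrSearch) and the parameter (text) that carry the injection, which is enough for a first-pass detection over web-server access logs. The following Python is an added example written for this page, not code from XWiki or from the advisory's author: it parses Common Log Format lines (the log lines below are constructed samples, the IP addresses are documentation ranges) and flags requests to that endpoint whose text parameter contains XWiki macro syntax ({{ ... }}), something an ordinary search term almost never contains. The macro-syntax heuristic and the function names are this example's own choices.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter as named in the advisory.
SOLR_SEARCH_PATH = "/xwiki/bin/get/Main/SolrSearch"
VULNERABLE_PARAM = "text"

# Minimal Common Log Format matcher: only the client IP, timestamp,
# method, request target and status are extracted.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_suspicious_solr_request(target):
    """True if the request targets the SolrSearch endpoint and its `text`
    parameter carries wiki macro syntax ({{ ... }}).  A legitimate search
    term practically never contains a macro invocation, so this is a
    low-noise indicator (heuristic chosen for this example)."""
    parts = urlsplit(target)
    if parts.path != SOLR_SEARCH_PATH:
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get(VULNERABLE_PARAM, []):
        # parse_qs already percent-decodes once; decode a second time so a
        # double-encoded value does not slip past the check.
        decoded = unquote(value)
        if "{{" in decoded and "}}" in decoded:
            return True
    return False


def scan_log(lines):
    """Return a list of (ip, timestamp, target) for each suspicious line.
    Lines that do not parse as Common Log Format are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        if is_suspicious_solr_request(m.group("target")):
            hits.append((m.group("ip"), m.group("ts"), m.group("target")))
    return hits


# Constructed sample log: one ordinary search, one request carrying macro
# syntax in `text` (a placeholder, not a real payload), one request with
# braces against a different page, and one malformed line.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Nov/2025:10:00:01 +0000] '
    '"GET /xwiki/bin/get/Main/SolrSearch?text=release+notes HTTP/1.1" 200 4096',
    '198.51.100.7 - - [13/Nov/2025:10:00:02 +0000] '
    '"GET /xwiki/bin/get/Main/SolrSearch?text=%7B%7Bexample%7D%7D HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Nov/2025:10:00:03 +0000] '
    '"GET /xwiki/bin/view/Main/WebHome?text=%7B%7Bx%7D%7D HTTP/1.1" 200 1024',
    'this line is not an access-log record',
]

if __name__ == "__main__":
    for ip, ts, target in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious SolrSearch request: {target}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines; a hit only says the request is worth a look, so pair it with the HTTP status and the response size to separate blocked attempts from successful ones.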
Recommendations

XWiki versions prior to 15.10.11: Upgrade to version 15.10.11 or later.
XWiki versions prior to 16.4.1: Upgrade to version 16.4.1 or later.
XWiki versions prior to 16.5.0RC1: Upgrade to version 16.5.0RC1 or later.
XWiki versions 5.3-milestone-2 through 15.10.10: Upgrade to a version greater than 15.10.10.
XWiki versions 16.0.0-rc-1 through 16.4.0: Upgrade to a version greater than 16.4.0.

As a temporary workaround, edit Main.SolrSearchMacros in SolrSearchMacros.xml on line 955 to match the rawResponse macro in macros.vm#L2824 with a content type of application/xml.
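The affected ranges above mix final releases with milestone and release-candidate builds (5.3-milestone-2, 16.0.0-rc-1, 16.5.0RC1), so a naive string comparison will misclassify installations during an inventory check. The following Python is an added example written for this page, not XWiki's or the advisory author's code: it parses XWiki version strings into comparable tuples, orders pre-release builds before the final release of the same number, and reports whether a given version falls inside the ranges listed above. The function names and the choice to recommend the smallest listed fixed version newer than the installed one are this example's own assumptions.

```python
import re

# Inclusive affected ranges and fixed versions, exactly as listed in the advisory.
AFFECTED_RANGES = [
    ("5.3-milestone-2", "15.10.10"),
    ("16.0.0-rc-1", "16.4.0"),
]
FIXED_VERSIONS = ["15.10.11", "16.4.1", "16.5.0RC1"]

# Pre-release stages in the order XWiki publishes them: milestones, then RCs.
_STAGE_RANK = {"milestone": 0, "rc": 1}
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")
_SUFFIX_RE = re.compile(r"^(milestone|rc)-?(\d+)$")


def parse_version(version):
    """Turn an XWiki version string into a tuple that sorts correctly.

    Layout: (numeric parts padded to 3, is_final, (stage_rank, stage_number)).
    A final release carries is_final=1 and an empty pre-release tuple, so
    '16.0.0-rc-1' < '16.0.0' and '5.3-milestone-1' < '5.3-milestone-2'.
    """
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised version: {version!r}")
    numbers = [int(part) for part in m.group(1).split(".")]
    numbers += [0] * (3 - len(numbers))
    suffix = m.group(2).lstrip("-").lower()
    if suffix == "":
        return (tuple(numbers), 1, ())
    s = _SUFFIX_RE.match(suffix)
    if s is None:
        raise ValueError(f"unrecognised pre-release suffix in {version!r}")
    return (tuple(numbers), 0, (_STAGE_RANK[s.group(1)], int(s.group(2))))


def is_affected(version):
    """True if `version` lies inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def recommended_upgrade(version):
    """Smallest fixed version newer than `version` (assumption: pick the
    nearest fixed release rather than always the newest); None if not affected."""
    if not is_affected(version):
        return None
    v = parse_version(version)
    newer = [f for f in FIXED_VERSIONS if parse_version(f) > v]
    return min(newer, key=parse_version)


if __name__ == "__main__":
    for installed in ["15.10.10", "15.10.11", "16.0.0-rc-1", "16.4.1", "16.5.0RC1"]:
        status = "AFFECTED" if is_affected(installed) else "ok"
        print(f"{installed:14} {status:9} upgrade to: {recommended_upgrade(installed)}")
```

Feed it the version string reported by each XWiki instance in your estate; the parser raises on a version layout it does not recognise rather than guessing, so an unusual build shows up as an error to review instead of a silent "ok".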

Tags: Exploit · Fix · RCE · LPE · Eval Injection · Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-01880
CVE-2025-24893
GHSA-RR6P-3PFG-562J

Affected Products

Xwiki Platform