Exploits have been available publicly for over half a year, but the bug was previously targeted only for reconnaissance.
October 29, 2025 By Ionut Arghire

A critical-severity vulnerability in the popular open source enterprise wiki platform XWiki has been exploited in the wild as part of a low-end cryptocurrency mining operation, VulnCheck reports.
The issue, tracked as CVE-2025-24893 (CVSS score of 9.8), allows a remote attacker to execute arbitrary code by sending a crafted request to the SolrSearch macro, which uses the embedded Solr engine for full-text search.
Because the macro does not properly sanitize search parameters before they reach the Groovy scripting engine, a remote, unauthenticated attacker can craft search requests that inject code, which then runs with the privileges of the web server process.
“The specific flaw exists within the handling of the text parameter provided to the SolrSearchMacros endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account,” a ZDI advisory reads.
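One thing a defender can do with the description above is look back through web server access logs for requests to the SolrSearch page whose `text` parameter carries XWiki macro syntax rather than a plain search string. The script below is an added example written for this article; it is not code from XWiki, VulnCheck or ZDI. The request path it matches (`/bin/get/Main/SolrSearch` or `/bin/view/Main/SolrSearch`), the set of macro names it treats as suspicious, and the sample log lines are all assumptions constructed for the demonstration.

```python
"""Flag access-log requests that look like macro injection against the XWiki
SolrSearch page (CVE-2025-24893). Added example; path, marker list and
sample log lines are assumptions, not taken from the article."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed path of the SolrSearch page; the wiki prefix before /bin/ may vary.
SOLRSEARCH_PATH = re.compile(r"/bin/(get|view)/Main/SolrSearch\b", re.IGNORECASE)

# XWiki 2.x macro openers/closers that have no place in a search string.
MACRO_MARKERS = re.compile(
    r"\{\{\s*/?\s*(groovy|async|velocity|python|script)\b", re.IGNORECASE
)

# Apache/nginx "combined"-style access-log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines: two probes, one benign search, one unrelated page.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Oct/2025:10:14:02 +0000] "GET /xwiki/bin/get/Main/SolrSearch'
    '?media=rss&text=%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7D'
    'println%28%22x%22%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D HTTP/1.1" 200 1842',
    '198.51.100.9 - - [29/Oct/2025:10:15:40 +0000] "GET /xwiki/bin/get/Main/SolrSearch'
    '?text=quarterly+report&media=rss HTTP/1.1" 200 5120',
    '192.0.2.4 - - [29/Oct/2025:10:16:11 +0000] "GET /xwiki/bin/view/Main/WebHome'
    ' HTTP/1.1" 200 9001',
    '203.0.113.7 - - [29/Oct/2025:10:17:55 +0000] "GET /xwiki/bin/get/Main/SolrSearch'
    '?text=%7B%7Bgroovy%7D%7D%20hello%20%7B%7B%2Fgroovy%7D%7D HTTP/1.1" 200 400',
]


def classify(line):
    """Return a finding dict for a suspicious SolrSearch request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not SOLRSEARCH_PATH.search(parts.path):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for raw in params.get("text", []):
        # parse_qs already decoded once; decode again so a double-encoded
        # payload (%257B%257B -> %7B%7B -> {{) is still inspected.
        text = unquote(raw)
        hit = MACRO_MARKERS.search(text)
        if hit:
            reason = "macro:" + hit.group(1).lower()
        elif "{{" in text or "}}" in text:
            reason = "delimiter"  # macro braces without a known macro name
        else:
            continue
        return {
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "status": m.group("status"),
            "reason": reason,
            "text": text[:120],
        }
    return None


def scan_log(lines):
    """Classify every line and return the findings in log order."""
    return [f for f in (classify(ln) for ln in lines) if f]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} {f['reason']}: {f['text']}")
```

The check keys on macro syntax in a single parameter rather than on any particular payload, so it also catches variants that use a different scripting macro. A `200` status on a matching request is worth treating as a probable compromise rather than a failed probe, since the endpoint does not need authentication; pair the hits with process and outbound-connection telemetry from the same host to confirm whether anything ran.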