CISA Issues Advisory on XWiki Flaw Allowing Remote Code Execution
gbhackers
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting XWiki Platform to its Known Exploited Vulnerabilities catalog, highlighting the urgent security threat posed by an eval injection flaw.
This vulnerability could allow any guest user to execute arbitrary remote code without authentication, representing a severe risk to organizations using the popular open-source wiki platform.
| Field | Details |
|---|---|
| CVE ID | CVE-2025-24893 |
| Affected Product | XWiki Platform |
| Vulnerability Type | Eval Injection |
| CVSS Score | Critical |
Critical Vulnerability Details
The vulnerability, identified as CVE-2025-24893, exists within XWiki Platform and stems from improper handling of eval functions in the SolrSearch component.
The flaw enables unauthenticated attackers to inject malicious code through specially crafted requests, bypassing security restrictions and gaining complete control over affected systems.
The vulnerability has been classified under CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code, commonly called eval injection), the broad category covering code that is built from untrusted input and then dynamically evaluated.
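To make the CWE-95 class concrete, here is an added illustration written for this article; it is not XWiki's code and does not reproduce the actual CVE-2025-24893 flaw. It uses a constructed toy template renderer in which `${...}` expressions are evaluated server-side. The template syntax, the function names and the sample queries are all assumptions. The point it shows is the one that matters for eval injection: the vulnerable renderer splices the untrusted search query into the template text before evaluation, so query text becomes code; the hardened renderer binds the query as a plain variable, so it stays data.

```python
import re

# Constructed toy template: developer-controlled text in which ${...}
# expressions are evaluated by the renderer (an assumption, not XWiki's
# real template engine or syntax).
TEMPLATE = "Results for: ${query}"
EXPR = re.compile(r"\$\{([^}]*)\}")

def _evaluate(expr, variables):
    # Deliberately minimal dynamic evaluation for the toy engine. Builtins are
    # removed so the demo only computes simple expressions such as 6*7.
    return str(eval(expr, {"__builtins__": {}}, dict(variables)))

def render_vulnerable(template, query):
    # CWE-95 pattern: the untrusted query is inserted into the template text
    # FIRST, and only then is the combined text scanned for ${...}. Anything
    # expression-shaped inside the query is therefore evaluated as code.
    text = template.replace("${query}", query)
    return EXPR.sub(lambda m: _evaluate(m.group(1), {}), text)

def render_hardened(template, query):
    # Hardened pattern: only the developer-controlled template is scanned for
    # ${...}. The query is exposed to those expressions solely as a bound
    # variable, and the query text itself is never re-scanned, so an
    # expression-shaped query is echoed back as a literal string.
    return EXPR.sub(lambda m: _evaluate(m.group(1), {"query": query}), template)

def evaluates_untrusted_input(render):
    # Canary regression check a defender can keep in a test suite: feed a
    # harmless arithmetic expression as the "user query" and see whether the
    # renderer computes it. True means untrusted input is treated as code.
    canary = "${6*7}"
    return "42" in render(TEMPLATE, canary)

if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(name, "->", fn(TEMPLATE, "${6*7}"),
              "| evaluates input:", evaluates_untrusted_input(fn))
```

The canary check is the reusable part: when a component renders user-supplied text through any evaluating engine (templates, scripting macros, expression languages), a harmless expression submitted as input that comes back computed is direct evidence of the CWE-95 condition, and it is worth running against every endpoint reachable without authentication, which is exactly the exposure the advisory describes.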
What makes this vulnerability particularly dangerous is its ...
Copyright of this story solely belongs to gbhackers.