Hackers Hijack Corporate XWiki Servers for Crypto Mining
hackread.com
Hackers exploit critical XWiki flaw CVE-2025-24893 to hijack corporate servers for cryptomining, with active attacks confirmed by VulnCheck researchers.
A critical security flaw is being actively exploited by cybercriminals to compromise corporate XWiki servers for cryptomining. This is an urgent threat targeting unpatched installations of the open-source documentation software, which is widely used by companies to manage and share internal documents.
The flaw, tracked as CVE-2025-24893 and identified within XWiki’s Solr Search feature, is a severe Remote Code Execution (RCE) vulnerability that gives attackers full control of your server without needing a password.
While this flaw has been known since March 2025, new research from VulnCheck confirms it is now being actively used in the wild. The full details of this new wave of attacks were published by VulnCheck on October 28 and shared with Hackread.com.
The Exploit: A Flaw in the Search Bar
The attack uses a ...
Copyright of this story solely belongs to hackread.com.

