Widespread Exploitation of XWiki Vulnerability Observed
securityweek
Threat actors started exploiting a critical XWiki vulnerability en masse within two weeks of the bug being reported as exploited in the wild, VulnCheck warns.
Tracked as CVE-2025-24893 (CVSS score of 9.8), the flaw was discovered in May 2024 and patched in June 2024, but a CVE identifier was assigned to it only in early 2025, after technical information became public.
The bug exists because, in XWiki versions before 15.10.11, 16.4.1 and 16.5.0RC1, user-supplied input to a search function is improperly sanitized, allowing remote, unauthenticated attackers to execute arbitrary code via crafted requests to the search endpoint.
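A defender-side triage helper, added here as an example and not part of the SecurityWeek article, that checks an XWiki version string against the three fixed releases the article names (15.10.11, 16.4.1 and 16.5.0RC1) so an inventory can be sorted into patched and unpatched instances. Acceptance of the hyphenated `16.5.0-rc-1` form, the milestone tag and the sample inventory are assumptions, not taken from the article.

```python
import re
from typing import Dict, Tuple

# Pre-release tags ordered below a final release: milestone < rc < final.
_PRE_RANK = {"milestone": 0, "m": 0, "rc": 1}
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[-.]?([A-Za-z]+)[-.]?(\d+))?$"
)

def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn an XWiki version string into a sortable tuple.
    Accepts '15.10.11', '16.5.0RC1' and (assumed) '16.5.0-rc-1' forms."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch, tag, num = m.groups()
    if tag is None:
        pre = (2, 0)  # a final release sorts after every pre-release
    else:
        pre = (_PRE_RANK[tag.lower()], int(num))  # KeyError on unknown tag
    return (int(major), int(minor), int(patch or 0), *pre)

# The fixed releases named in the advisory, one per maintained branch.
FIXED_15 = parse_version("15.10.11")
FIXED_16 = parse_version("16.4.1")
FIXED_16_5 = parse_version("16.5.0RC1")

def is_vulnerable(text: str) -> bool:
    """True when the version predates the fix for its branch."""
    v = parse_version(text)
    major, minor, patch = v[:3]
    if major <= 15:
        return v < FIXED_15        # older majors and 15.x before 15.10.11
    if major == 16:
        if (minor, patch) == (5, 0):
            return v < FIXED_16_5  # only 16.5.0 pre-releases before RC1
        return v < FIXED_16        # 16.0.0 .. 16.4.0 lack the 16.4.1 fix
    return False                   # 17.x and later postdate all three fixes

def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in an inventory to a 'vulnerable' or 'fixed' verdict."""
    return {host: ("vulnerable" if is_vulnerable(ver) else "fixed")
            for host, ver in inventory.items()}

SAMPLE_INVENTORY = {  # constructed sample data, not from the article
    "wiki-prod": "15.10.10",
    "wiki-staging": "16.4.1",
    "wiki-dev": "16.5.0-milestone-1",
}
```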
Proof-of-concept (PoC) code targeting the issue has been publicly available since early 2025, and security researchers observed the defect being targeted in reconnaissance attempts, but in-the-wild exploitation started only last month.
In late October, VulnCheck warned that a threat actor was exploiting CVE-2025-24893 as part of ...