Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-24893 PoC — Remote code execution as guest via SolrSearchMacros request in xwiki

Source
https://github.com/The-Red-Serpent/CVE-2025-24893
Associated Vulnerability
Title:Remote code execution as guest via SolrSearchMacros request in xwiki (CVE-2025-24893)
Description:XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.
Description
POC
Readme
# PoC for CVE-2025-24893 — XWiki Remote Code Execution (Safe PoC)

**PoC for CVE-2025-24893:** XWiki' Remote Code Execution exploit for versions prior to **15.10.11**, **16.4.1** and **16.5.0RC1**.

> ⚠️ **IMPORTANT — AUTHORIZED TESTING ONLY**  
> This repository contains a *proof-of-concept* (PoC) project intended for **educational** and **authorized vulnerability testing**. Do **not** use any exploit code or techniques against systems you do not own or do not have explicit written permission to test. Unauthorized use may be illegal.

---

## Overview

- **CVE:** CVE-2025-24893  
- **Product:** XWiki Platform  
- **Affected versions (reported):** versions prior to **15.10.11**, **16.4.1**, and **16.5.0RC1**.  
- **Impact:** Remote Code Execution (RCE) via code (Groovy) injection when certain endpoints render untrusted content.  
- **PoC intent:** Demonstrate that arbitrary code execution is possible in a controlled environment — *this README and associated scripts are sanitized for safe, responsible use*.

---

## What this repository provides (safe mode)

- A **non-destructive PoC script** that demonstrates how an RCE condition might be triggered, **without** containing working exploit payloads (no reverse shells, no malicious one-liners).  
- A robust **test harness** for sending benign commands (e.g. `uname -a`, `echo "POC OK"`) to a target XWiki instance you control.  

---

## Requirements

- Python 3.8+  
- `requests` Python package:
```bash
pip install requests
File Snapshot

 [4.0K]  /data/pocs/ad313b58525fa5dda7a4efafbd4b9a1c9b078857
├── [2.9K]  exploit.py
├── [1.0K]  LICENSE
└── [1.5K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →