What is the CVSS score of CVE-2025-24893?

CVE-2025-24893 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 93.9%.

Which versions of Xwiki are affected by CVE-2025-24893?

Organizations using XWiki Platform face critical risk from CVE-2025-24893, a eval injection vulnerability rated CVSS 9.8.. A patch is available.

Is there a public PoC exploit available for CVE-2025-24893?

Yes, a public proof-of-concept exploit is available for CVE-2025-24893. Prioritise patching immediately. EPSS: 93.9%.

How to fix or mitigate CVE-2025-24893?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Vendor patch is available.

Xwiki CVE-2025-24893

CRITICAL

Eval Injection (CWE-95)

2025-02-20 security-advisories@github.com

RCE Code Injection Xwiki

9.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:27 vuln.today

Patch released

Mar 28, 2026 - 18:27 nvd

Patch available

Added to CISA KEV

Oct 31, 2025 - 13:17 cisa

CISA KEV

PoC Detected

Oct 31, 2025 - 13:17 vuln.today

Public exploit code

CVE Published

Feb 20, 2025 - 20:15 nvd

CRITICAL 9.8

DescriptionGitHub Advisory

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to <host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20. If there is an output, and the title of the RSS feed contains Hello from search text:42, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit Main.SolrSearchMacros in SolrSearchMacros.xml on line 955 to match the rawResponse macro in macros.vm#L2824 with a content type of application/xml, instead of simply outputting the content of the feed.

AnalysisAI

XWiki Platform allows unauthenticated remote code execution through the SolrSearch endpoint, enabling guests to execute arbitrary code and compromise the entire XWiki installation.

Technical ContextAI

The CWE-95 eval injection in XWiki's SolrSearch page processes user input through the wiki's scripting engine without proper sanitization. Crafted search requests are evaluated as Groovy code, enabling arbitrary command execution on the server.

RemediationAI

Apply XWiki security updates. Restrict guest access to XWiki. Disable the SolrSearch feature if not required.

CVE-2025-24893 vulnerability details – vuln.today

Back

Xwiki CVE-2025-24893

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code