Tag Archives: VulnCheck

About Remote Code Execution – XWiki Platform (CVE-2025-24893) vulnerability

About Remote Code Execution – XWiki Platform (CVE-2025-24893) vulnerability. XWiki is a free and open-source wiki platform written in Java, with a strong focus on extensibility. It supports WYSIWYG visual editing, importing and exporting documents in OpenDocument format, adding annotations and tags, as well as flexible access rights management. The vulnerability allows an attacker with guest-level privileges to execute arbitrary code on the server by sending a crafted SolrSearch request.

⚙️ The vulnerability was fixed in versions 15.10.11, 16.4.1 and 16.5.0RC1, released in July 2024.

🛠 A proof-of-concept (POC) exploit was available in the original task to fix ZDI-CAN-23994, as well as in the security bulletin published on February 20, 2025. There are now more than 30 exploit variants on GitHub.

👾 On October 28, VulnCheck reported that the vulnerability was being exploited in the wild to deploy cryptominers. On October 30, it was added to the CISA KEV catalog.

In Russian

I looked at VulnCheck KEV

I looked at VulnCheck KEV. This is VulnCheck's analogue of CISA KEV (Known Exploited Vulnerabilities).

🔹 Unlike the public CISA KEV, only registered users have access to VulnCheck KEV. The VulnCheck website is accessible from Russian IPs 🇷🇺, but when you register from one they say that your “account is currently under review” (in fact, such requests are simply blocked 🥸). Registration requests from non-Russian IPs are approved automatically. 🌝
🔹 There are ~2 times more CVEs in the database than in CISA KEV.
🔹 There is no standard tool for downloading all these CVEs from the web GUI. 🤷‍♂️
🔹 There are links to exploits for the CVEs, and they look good. 👌
🔹 There is evidence of exploitation in the wild. Sometimes it is clear, like the “Outbreak Alerts 2023” PDF report. Sometimes it is strange, like a link to a Shadowserver dashboard or an unrelated blog post. 🤷‍♂️

The selection of CVEs is quite interesting, but the justification for "exploitation in the wild" needs to be improved. 😉

In Russian