XWiki’s SolrSearch Slip-Up: A Comedy of Code Execution Errors!

XWiki Platform is cracking under pressure with a critical vulnerability that lets a guest user execute arbitrary code remotely. The flaw, CVE-2025-24893, affects versions up to 15.10.10, turning your XWiki into a potential hacker’s playground. The good news? It’s patched in newer versions. So, if you’re on XWiki 15.10.10 or earlier, it’s time to upgrade!


Hot Take:

XWiki has decided to join the ‘RCE for Everyone’ club, featuring a vulnerability so open it might as well have its own welcome mat. It’s like leaving your front door open and then acting surprised when someone walks in and takes your pizza. Seriously, who thought giving guest users the keys to the kingdom was a good idea? Patch up, folks, before your server becomes a playground!

Key Points:

  • XWiki Platform vulnerable to Remote Code Execution (RCE) via SolrSearch endpoint.
  • Allows any guest user to execute arbitrary commands on the server.
  • Impacts versions up to 15.10.10, fixed in versions 15.10.11, 16.4.1, and 16.5.0RC1.
  • CVSS Score of 9.8, making it a critical issue.
  • Patches available, so update your XWiki installations ASAP!

The Nimble Nerd