Full Report
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting XWiki Platform to its Known Exploited Vulnerabilities catalog, highlighting the urgent security threat posed by an eval injection flaw. This vulnerability could allow any guest user to execute arbitrary remote code without authentication, representing a severe risk to organizations using the popular […]

Source: GBHackers Security, "CISA Issues Advisory on XWiki Flaw Allowing Remote Code Execution".
Analysis Summary
# Vulnerability: XWiki Platform Remote Code Execution via Eval Injection
## CVE Details
- CVE ID: CVE-2025-24893
- CVSS Score: 9.8 Critical (CVSS v3.1, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, per the vendor's GitHub security advisory; the source article gives no score)
- CWE: CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code)
## Affected Systems
- Products: XWiki Platform, specifically the SolrSearch search page/macros shipped with the platform.
- Versions: Not listed in the source article. Per the vendor's GitHub security advisory, 5.3-milestone-2 through 15.10.10 and 16.0.0-rc-1 through 16.4.0 are affected; 15.10.11 and 16.4.1 contain the fix.
- Configurations: Default configuration is exploitable by **any guest user** without authentication; no special setup is required beyond the wiki being network-reachable.
## Vulnerability Description
The vulnerability is an **eval injection flaw** (CWE-95) in the SolrSearch component of XWiki Platform. The user-supplied search text is embedded into wiki markup that the platform renders with scripting (programming) rights, so an attacker can close the surrounding markup and insert scripting-macro content that the rendering engine evaluates as code. Because the request needs no session, an unauthenticated guest obtains remote code execution (RCE) with the privileges of the Java process hosting XWiki (typically the servlet container, for example Tomcat), which in turn exposes the wiki database, its configuration secrets and the host itself.
## Exploitation
- Status: **Exploited in the wild** (Included in CISA's Known Exploited Vulnerabilities catalog).
- Complexity: **Low** (single crafted request; no authentication, no user interaction, no special configuration).
- Attack Vector: **Network** (Remote exploitation via crafted requests).
## Impact
- Confidentiality: High (Potential access to sensitive data).
- Integrity: High (Ability to modify system state/data).
- Availability: High (Potential to compromise the entire server/service).
## Remediation
### Patches
- Apply the vendor's fixed releases immediately: XWiki Platform 15.10.11 (15.x branch) or 16.4.1 (16.x branch), or any later version. The source article does not name these versions; they come from the vendor's GitHub security advisory for CVE-2025-24893.
### Workarounds
- CISA's standard KEV guidance applies: apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or **discontinue use of the product** if mitigations are unavailable.
- Until the upgrade is in place, restrict network access to the XWiki instance (it must not be reachable by anonymous internet clients) and review whether guest access is needed at all; neither step removes the flaw, so they are stopgaps, not fixes.
## Detection
- Review web server and XWiki access logs for requests to the SolrSearch endpoint whose query parameters (notably the search text) contain XWiki scripting-macro markup such as `{{groovy}}`, `{{velocity}}`, `{{python}}` or `{{async}}`, including percent-encoded and double-encoded forms. Legitimate searches never need macro syntax, so such requests are high-confidence indicators.
- On the host, look for unexpected child processes of the XWiki Java process, new outbound connections from it, and modified wiki pages or user accounts, since a successful exploit runs in that process and leaves no authenticated-user trail.
- CISA added the CVE to the KEV catalog on October 30, 2025 with a remediation deadline of November 20, 2025 for federal agencies; treat any exposed instance as potentially compromised until it has been patched and checked.
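The following is an added example of the log review described above; it is not code from the original article or from the XWiki project. It scans combined-format access log lines, keeps only requests whose path contains `SolrSearch`, fully percent-decodes every query parameter (so double-encoded payloads are not missed) and flags values that open one of XWiki's scripting or async macros. The `/xwiki/bin/get/Main/SolrSearch` path prefix and the log lines are constructed for the example; adjust the path test to your deployment.

```python
"""Flag XWiki SolrSearch requests whose query parameters carry scripting-macro markup."""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample in Apache/nginx combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Oct/2025:10:01:12 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Oct/2025:10:01:30 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=backup+policy HTTP/1.1" 200 880 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Oct/2025:10:02:01 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Bgroovy%7D%7Dprintln%281%29%7B%7B%2Fgroovy%7D%7D HTTP/1.1" 200 1203 "-" "python-requests/2.32"
198.51.100.7 - - [29/Oct/2025:10:02:05 +0000] "GET /xwiki/bin/get/Main/SolrSearch?text=%257B%257Bvelocity%257D%257D HTTP/1.1" 200 1203 "-" "curl/8.0"
"""

# Client IP, timestamp and request target from a combined-format line.
REQUEST_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# XWiki macros an injected search string would have to open to run code.
SCRIPT_MACRO = re.compile(r"\{\{\s*(groovy|velocity|python|script|async)\b", re.IGNORECASE)


def fully_decode(value: str, max_rounds: int = 5) -> str:
    """Undo nested percent-encoding (%257B -> %7B -> {) until the value stops changing."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target: str) -> dict[str, str]:
    """Return {param: decoded_value} for SolrSearch query params that open a scripting macro."""
    parts = urlsplit(target)
    if "solrsearch" not in parts.path.lower():
        return {}
    hits = {}
    # parse_qs decodes one layer; fully_decode handles anything nested beneath it.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for raw in values:
            decoded = fully_decode(raw)
            if SCRIPT_MACRO.search(decoded):
                hits[name] = decoded
    return hits


def scan_log(log_text: str) -> list[dict]:
    """Return one finding per log line whose SolrSearch request carries macro markup."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.match(line)
        if not m:
            continue
        hits = suspicious_params(m["target"])
        if hits:
            findings.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"], "params": hits})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['method']} -> {f['params']}")
```

The decode loop matters: a WAF or a naive grep that decodes once sees `%7B%7Bvelocity%7D%7D` in the fourth line and misses it, while the application decodes it again before rendering. Run the same logic over the reverse proxy's logs as well as XWiki's own, since the proxy records requests that XWiki may have rejected or that never reached it.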
## References
- CISA Known Exploited Vulnerabilities Catalog, entry for CVE-2025-24893.
- XWiki security advisory for CVE-2025-24893 (GitHub security advisory in the xwiki-platform repository) and the 15.10.11 / 16.4.1 release notes.