The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has highlighted a significant injection vulnerability in the XWiki Platform, tracked as CVE-2025-24893. This critical flaw lets unauthenticated attackers execute arbitrary code remotely, compromising systems that run this widely used open-source wiki software. The vulnerability is tied to the SolrSearch functionality, which makes it particularly concerning for organizations that rely on XWiki for collaborative content management.
CISA added this CVE to its Known Exploited Vulnerabilities catalog on October 30, 2025, underscoring the urgency for affected entities to implement corrective measures. Exploitation involves sending a crafted request to the SolrSearch endpoint, potentially leading to complete system compromise. The recommended mitigations are to promptly apply available patches or to modify access controls to reduce risk while organizations work toward full remediation.
👉 Read the original: Cyber Security News