The RondoDox botnet has been identified as exploiting CVE-2025-24893, a critical vulnerability affecting XWiki instances. This eval injection vulnerability has a CVSS score of 9.8, indicating severe risk. It allows any guest user, meaning an unauthenticated visitor, to perform arbitrary remote code execution through a specific request, so an attacker needs no account on a vulnerable server to execute malicious code on it, with potentially significant security breaches as the result.
Administrators of XWiki instances are urged to apply patches and updates to mitigate this threat. Failure to address this vulnerability could lead to severe consequences, including data breaches and system compromises. The active exploitation of this flaw by the RondoDox botnet highlights the importance of timely security updates and patch management in cybersecurity.
👉 Read the original: The Hacker News