CVE-2025-24893

CRITICAL CISA KEV

CVSS v3

9.8

CRITICAL

EPSS Score

—

exploit probability

CISA KEV

Yes

known exploited

Exploitation

—

SSVC status

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20se

CISA Known Exploited Vulnerability

Date Added: 10/30/2025
Patch Due Date: 11/20/2025
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Technical Details

CVSS v3 Vector: 3.1
Published: 2/20/2025
Last Modified: 10/31/2025

Frequently Asked Questions

What is CVE-2025-24893?

Is CVE-2025-24893 actively exploited?

Yes. CVE-2025-24893 is on the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it has been confirmed as actively exploited in the wild. CISA requires federal agencies to patch by 11/20/2025.

What is the CVSS score for CVE-2025-24893?

CVE-2025-24893 has a CVSS v3 base score of 9.8 (CRITICAL severity), with vector string 3.1.

Is CVE-2025-24893 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.

Check an IP Search CVEs

Back to CVE Database