{"id":30294500,"url":"https://github.com/d3ext/cve-2025-24893","last_synced_at":"2025-08-17T01:35:21.860Z","repository":{"id":309073239,"uuid":"1035076012","full_name":"D3Ext/CVE-2025-24893","owner":"D3Ext","description":"POC exploit for CVE-2025-24893","archived":false,"fork":false,"pushed_at":"2025-08-09T16:22:12.000Z","size":23,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-09T18:14:31.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/D3Ext.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-09T15:51:00.000Z","updated_at":"2025-08-09T16:22:15.000Z","dependencies_parsed_at":"2025-08-09T18:15:50.841Z","dependency_job_id":"a9bc81b8-c7b6-4dbf-8c32-b58441a4b248","html_url":"https://github.com/D3Ext/CVE-2025-24893","commit_stats":null,"previous_names":["d3ext/cve-2025-24893"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/D3Ext/CVE-2025-24893","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3Ext%2FCVE-2025-24893","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3Ext%2FCVE-2025-24893/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3Ext%2FCVE-2025-24893/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3Ext%2FCVE-2025-24893/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/D3Ext","download_url":"https://codeload.github.com/D3Ext/CVE-2025-24893/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3Ext%2FCVE-2025-24893/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270796216,"owners_count":24647319,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-16T02:00:11.002Z","response_time":91,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-08-17T01:35:16.155Z","updated_at":"2025-08-17T01:35:21.850Z","avatar_url":"https://github.com/D3Ext.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2025-24893\n\n```\n# Exploit Title: XWiki 15.10.10 - Unauthenticated Remote Code Execution\n# Date: 09/08/2025\n# Exploit Author: D3Ext\n# Vendor Homepage: https://www.xwiki.org/\n# Software Link: https://github.com/xwiki/xwiki-platform\n# Version: 15.10.10\n# Tested on: Kali Linux 2025\n# CVE: CVE-2025-24893\n```\n\n## Explanation\n\nThis repository contains a POC (Proof of Concept) of the CVE-2025-24893 vulnerability, which affects to XWiki 15.10.10 version. XWiki includes a macro called SolrSearch (defined in Main.SolrSearchMacros) enabling full-text search through the engine. The vulnerability stems from the way this macro evaluates search parameters in Groovy, failing to sanitize or restrict malicious input. Thus, unauthenticated attackers are able to execute arbitrary Groovy code remotely without authentication or prior access.\n\nVulnerable path:\n\n`/xwiki/bin/view/Main/SolrSearchMacros?search=...`\n\n## Usage\n\n```\nusage: CVE-2025-24893.py [-h] --url URL --command COMMAND\n\nXWiki 15.10.10 - Unauthenticated Remote Code Execution (RCE)\n\noptions:\n  -h, --help         show this help message and exit\n  --url URL          URL of the web root\n  --command COMMAND  command to execute\n```\n\n## Demo\n\n\u003cimg src=\"demo.png\"\u003e\n\n## References\n\n```\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-24893\nhttps://www.offsec.com/blog/cve-2025-24893/\nhttps://www.wiz.io/vulnerability-database/cve/cve-2025-24893\nhttps://www.incibe.es/en/incibe-cert/early-warning/vulnerabilities/cve-2025-24893\n```\n\n## License\n\nThis project is under [MIT](https://github.com/D3Ext/CVE-2024-25641/blob/main/LICENSE) license\n\nCopyright © 2025, *D3Ext*\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd3ext%2Fcve-2025-24893","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fd3ext%2Fcve-2025-24893","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd3ext%2Fcve-2025-24893/lists"}