Warning: Actively Exploited Remote Code Execution in XWiki Platform, Patch Immediately!

Published: 18/11/2025
  • Last update: 18/11/2025

  • Affected products:
      → XWiki >= 5.3-milestone-2, XWiki < 15.10.11
      → XWiki >= 16.0.0-rc-1, XWiki < 16.4.1

  • Type: Remote Code Execution

  • CVE/CVSS:
      → CVE-2025-24893: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
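The two affected ranges above include pre-release versions (a milestone and a release candidate) as boundaries, so a naive string or float comparison will misjudge them. The following version check is an added example, not part of the CCB advisory or of XWiki's own tooling; it assumes Maven-style ordering of XWiki qualifiers (milestone < rc < final release) and uses a constructed inventory with illustrative hostnames.

```python
import re

# Affected ranges as listed in the advisory for CVE-2025-24893:
#   XWiki >= 5.3-milestone-2  and < 15.10.11
#   XWiki >= 16.0.0-rc-1      and < 16.4.1
AFFECTED_RANGES = [
    ("5.3-milestone-2", "15.10.11"),
    ("16.0.0-rc-1", "16.4.1"),
]

# Pre-release qualifiers seen in XWiki version strings, in sort order.
# Assumption: milestone < rc < final release (Maven-style ordering).
QUALIFIER_RANK = {"milestone": 0, "rc": 1}
FINAL_RANK = 2

VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-([A-Za-z]+)-?(\d+)?)?")


def parse_version(text):
    """Turn '16.0.0-rc-1' into a sortable tuple ((16, 0, 0), 1, 1).

    Numeric components are padded to three places so '5.3' sorts as 5.3.0.
    Unknown qualifiers (e.g. SNAPSHOT builds) raise ValueError instead of
    silently being treated as final releases.
    """
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))
    qualifier, number = m.group(2), m.group(3)
    if qualifier is None:
        return (nums, FINAL_RANK, 0)
    rank = QUALIFIER_RANK.get(qualifier.lower())
    if rank is None:
        raise ValueError(f"unknown pre-release qualifier in {text!r}")
    return (nums, rank, int(number or 0))


def is_affected(version):
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)


def first_fixed_version(version):
    """Upper bound of the range the version falls in, i.e. the first version
    the advisory no longer lists as affected; None if the version is not affected."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if parse_version(lo) <= v < parse_version(hi):
            return hi
    return None


def triage(inventory):
    """Map each affected host in an {host: version} inventory to the version it
    must reach at minimum."""
    return {host: first_fixed_version(ver) for host, ver in inventory.items() if is_affected(ver)}


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {
    "wiki-prod-01": "15.10.10",
    "wiki-prod-02": "15.10.11",
    "wiki-dev-01": "16.0.0-rc-1",
    "wiki-dev-02": "16.4.1",
    "wiki-legacy": "5.2",
}

if __name__ == "__main__":
    for host, fix in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: affected, upgrade to at least {fix}")
```

Feed `triage()` the output of your asset inventory (the XWiki version is shown in the wiki's administration UI and in its distribution metadata); hosts on an unrecognised build string are reported as errors rather than passed as safe.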

Sources

Fortinet:

Risks

A newly discovered vulnerability in XWiki’s SolrSearchMacros feature allows attackers to execute arbitrary remote code on affected installations.

XWiki Platform is an open-source enterprise wiki framework that provides collaborative knowledge management, application-building capabilities, and a robust runtime environment for custom components. Organisations rely on it to host documentation portals, internal knowledge bases, workflow apps, and dynamic content systems across teams and business units.

If exploited, this could lead to data breaches, system compromise and operational downtime, impacting the confidentiality, integrity and availability of critical business systems.

Multiple sources have reported increased exploitation of this CVE by threat actors, including activity linked to the RondoDox botnet.

Description

A critical security vulnerability, CVE-2025-24893, has been identified in XWiki Platform’s XWiki-platform-search-solr-ui component. This flaw allows any unauthenticated guest to perform arbitrary remote code execution by issuing a specially crafted SolrSearchMacros request. Successful exploitation grants full control over the affected XWiki instance, posing a severe risk to data, system integrity, and overall platform stability.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

When mitigation measures or workarounds are available, consider implementing these as soon as possible and wherever feasible until you have completed patching.

Where vulnerabilities affect end of life devices, the Centre for Cybersecurity Belgium strongly encourages moving to a supported version.

Monitor/Detect
The CCB recommends that organisations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
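Because the flaw is reachable by unauthenticated guests through the SolrSearch UI, the web server access log is the first place to look for related activity, both now and retrospectively. The script below is an added example for that triage and is not part of the advisory or of XWiki. It assumes XWiki serves its Solr search UI from a page named SolrSearch (so request paths end in `/SolrSearch`) and that Apache/nginx "combined" log format is in use; the log lines, addresses and the 200-character query threshold are constructed and should be tuned to your own baseline.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumption: XWiki's Solr search UI lives on a wiki page named SolrSearch,
# e.g. /xwiki/bin/view/Main/SolrSearch, so we key on that path suffix.
SOLR_SEARCH_SUFFIX = "/solrsearch"

# Assumption: genuine search terms are short. Tune to what your users actually type.
LONG_QUERY_THRESHOLD = 200


def analyse_request(target):
    """Return a list of reasons a SolrSearch request looks suspicious (empty if benign
    or if the request is not aimed at the SolrSearch page at all)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(SOLR_SEARCH_SUFFIX):
        return []
    # parse_qs percent-decodes values, so encoded braces are caught too.
    params = parse_qs(parts.query, keep_blank_values=True)
    values = [v for vs in params.values() for v in vs]
    reasons = []
    # XWiki macro syntax is {{name ...}}; it has no business in a search term.
    if any("{{" in v for v in values):
        reasons.append("macro-syntax-in-query")
    if any(len(v) > LONG_QUERY_THRESHOLD for v in values):
        reasons.append("long-query")
    return reasons


def scan_log(lines):
    """Run the heuristics over access log lines and return one finding per hit."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m:
            continue  # not in combined format; skip rather than guess
        reasons = analyse_request(m["target"])
        if reasons:
            findings.append({
                "source": m["src"],
                "timestamp": m["ts"],
                "status": m["status"],
                "user_agent": m["ua"],
                "target": m["target"],
                "reasons": reasons,
            })
    return findings


# Constructed sample log lines; the addresses are documentation ranges, not real traffic.
LONG_QUERY = "x" * 300
SAMPLE_LOG = [
    '203.0.113.10 - - [18/Nov/2025:10:01:02 +0100] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11)"',
    '203.0.113.11 - - [18/Nov/2025:10:01:09 +0100] "GET /xwiki/bin/view/Main/SolrSearch?text=quarterly+report HTTP/1.1" 200 8120 "-" "Mozilla/5.0 (X11)"',
    '198.51.100.7 - - [18/Nov/2025:10:02:31 +0100] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=%7B%7Bexample-macro%7D%7D HTTP/1.1" 200 642 "-" "python-requests/2.31"',
    f'198.51.100.8 - - [18/Nov/2025:10:03:00 +0100] "GET /xwiki/bin/view/Main/SolrSearch?text={LONG_QUERY} HTTP/1.1" 200 700 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['source']} {f['status']} {', '.join(f['reasons'])} {f['target'][:80]}")
```

Run it over the full retention window of your access logs, not just the days since the advisory: a hit in older logs means the patch alone does not close the incident and the host should be treated as potentially compromised, which is the point of the last paragraph above.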