## https://sploitus.com/exploit?id=F1AA7640-CDDE-5A50-9056-90289C2A2CDE
# CVE-2024-4577

XWiki is a generic wiki platform offering runtime services for applications built on top of it. An unauthenticated guest user can achieve arbitrary remote code execution through a request to the `SolrSearch` endpoint.

# Usage

```
usage:  CVE-2025-24893.py [-h] [-v] URL COMMAND

XWiki SolrSearchMacros Remote Code Execution (CVE-2025-24893) PoC. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-24893

positional arguments:
  URL            target address
  COMMAND        command to execute e.g. Runtime.getRuntime().exec('calc')

optional arguments:
  -h, --help     show this help message and exit
  -v, --version  show program's version number and exit
```
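
For defenders, a log-triage check for the request described above, as an added example that is not part of the original PoC repository: it scans web access logs for `SolrSearch` requests whose decoded query string contains Java process-execution calls such as the `Runtime.getRuntime().exec(...)` example in the usage text. The sample log lines, the parameter name `q`, and the markers other than `Runtime.getRuntime` are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')

# First marker comes from the PoC's COMMAND example; the others are assumed
# equivalents for starting a process from Java.
EXEC_MARKERS = ("runtime.getruntime", "processbuilder", ".exec(")

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded payloads are still inspected."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_solrsearch(line):
    """Return (client_ip, matched_markers) for a suspect request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    path, _, query = target.partition("?")
    if "solrsearch" not in path.lower():
        return None  # only the endpoint named in the advisory is in scope
    decoded = decode_fully(query).lower()
    hits = [marker for marker in EXEC_MARKERS if marker in decoded]
    return (client, hits) if hits else None

def scan(lines):
    """Return findings for every suspect line, in log order."""
    return [f for f in map(suspicious_solrsearch, lines) if f]

# Constructed sample log lines (documentation IP ranges, placeholder parameter).
SAMPLE_LOG = [
    '198.51.100.4 - - [12/Mar/2025:10:00:01 +0000] "GET /xwiki/bin/view/Main/SolrSearch?q=release+notes HTTP/1.1" 200 8123',
    '203.0.113.7 - - [12/Mar/2025:10:01:22 +0000] "GET /xwiki/bin/view/Main/SolrSearch?q=Runtime.getRuntime%28%29.exec%28%27calc%27%29 HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2025:10:02:40 +0000] "GET /xwiki/bin/view/Main/SolrSearch?q=Runtime.getRuntime%2528%2529.exec%2528%2527calc%2527%2529 HTTP/1.1" 200 512',
    '198.51.100.8 - - [12/Mar/2025:10:03:05 +0000] "GET /xwiki/bin/view/Main/WebHome?q=Runtime.getRuntime HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(f"suspect SolrSearch request from {client}: {', '.join(hits)}")
```

A keyword match like this is a triage signal only: it sees nothing sent in a request body, and obfuscated code will not contain these literal strings.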