← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-24893 — Actively Exploited: Platform (XWiki)

XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch.

CVE IDCVE-2025-24893
VendorXWiki
ProductPlatform
Vulnerability nameXWiki Platform Eval Injection Vulnerability
Date added2025-10-30
Remediation due2025-11-20
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionXWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →