Find notable cyber news and cases, enriched with sources, timelines, and signals.
Vulnerability

XWiki CVE-2025-24893 exploitation and miner deployment

Updated 18.11.2025 00:41
Case score 63
Case score 63 Members 1 Latest activity 18.11.2025 00:41
Active exploitation Public PoC/exploit reported CVSS: 9.8 Critical
Members 1 First seen 29.10.2025 09:44 Last seen 29.10.2025 09:44 Updated 18.11.2025 00:41

Overview

**CVE-2025-24893** in **XWiki** is under active exploitation through requests to **/bin/get/Main/SolrSearch**, giving attackers remote code execution on exposed servers. Observed abuse uses an eval-injection weakness to stage a downloader, then a miner payload that kills competing miners and runs after a delay. VulnCheck reported canary hits, and CrowdSec and Cyble said exploitation was already underway by **March 2025**. CISA added the flaw to the KEV catalog and set a remediation due date of **2025-11-20**. Available evidence points to live cryptomining activity rather than isolated testing, but the broader scale of compromise is not known.

Signals

6 derived
Exploitation
Exploitation Active exploitation CVSS 9.8 Critical Exploit Public PoC/exploit reported
CVEs/products
CVE
Threat context
Malware Tooling

Malware context

2 families · 2 tools
Tools
wget XMRig

Member happenings

1 related
Vulnerability XWiki eval injection actively exploited remote code execution flaw (CVE-2025-24893)
Updated 29.10.2025 09:44 Lead Contribution 63
Exploitation Active Exploitation Exploit Public Exploit CVSS 9.8 Critical

The **XWiki** eval injection flaw **CVE-2025-24893** is being **actively exploited**, putting exposed servers at risk of **remote code execution** via **/bin/get/Main/SolrSearch**. Attackers are chaining the bug into a **two-stage** workflow that drops a downloader and ultimately installs a **cryptocurrency miner**. VulnCheck said it observed exploitation attempts against **XWiki canaries**, and real-world abuse has been reported since **March 2025**. Users should **apply updates as soon as possible** to reduce exposure.