# CVE-2025-24893 - XWiki RCE

This vulnerability stems from improper sanitization of user input passed in SolrSearch queries. Arbitrary Groovy code can be executed due to a direct `evaluate()` call.

The vulnerable endpoint is:

`/xwiki/bin/get/Main/SolrSearch?media=rss&text=`

# License

GPL v3.0 - as all good software should be

Use only with explicit permission from the target system owner. Remember - don't be a skid :)
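
# Detection example

For defenders reviewing web server logs, the check below flags requests to the SolrSearch endpoint named above that carry wiki macro markup in the `text` parameter. It is an added example, not code from this repository; the combined log format, the optional `/xwiki` prefix, the `{{...}}` macro heuristic and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint named on this page; treating the /xwiki context prefix as optional is an assumption.
ENDPOINT = re.compile(r"^(?:/xwiki)?/bin/get/Main/SolrSearch/?$", re.IGNORECASE)
# Assumption: injected code shows up as XWiki macro markup such as {{groovy}}.
MACRO = re.compile(r"\{\{\s*/?\s*([a-z]+)", re.IGNORECASE)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def inspect(line):
    """Return a finding dict for a suspicious SolrSearch request, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not ENDPOINT.match(url.path):
        return None
    # parse_qs percent-decodes once; double-encoded input is not handled here.
    params = parse_qs(url.query, keep_blank_values=True)
    if "rss" not in [v.lower() for v in params.get("media", [])]:
        return None
    macros = sorted({name.lower() for text in params.get("text", [])
                     for name in MACRO.findall(text)})
    if not macros:
        return None
    return {"client": line.split(" ", 1)[0], "macros": macros}


# Constructed sample log lines (documentation addresses, placeholder macro body).
SAMPLE = [
    '198.51.100.7 - - [01/Mar/2025:10:00:01 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=release+notes HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Mar/2025:10:00:05 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=%7B%7Bgroovy%7D%7DPLACEHOLDER%7B%7B%2Fgroovy%7D%7D HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Mar/2025:10:00:09 +0000] "GET /xwiki/bin/view/Main/?text=%7B%7Bgroovy%7D%7D HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        finding = inspect(entry)
        if finding:
            print("ALERT", finding)
```

Ordinary search terms on the same endpoint pass without an alert, so the rule can run against live access logs and be tuned by macro name.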