CVE-2025-24893 - XWiki RCE

This vuln stems from improper user input sanitization when passing SolrSearch queries. Arbitrary groovy code can be executed due to a direct evaluate() call.

The vulnerable endpoint here is: /xwiki/bin/get/Main/SolrSearch?media=rss&text=

License

GPL v3.0 - as all good software should be

Only with explicit permission from the target system owner.

Remember - don't be a skid :)