0xVoodooCVE-2025-24893 - XWiki RCE
This vuln stems from improper user input sanitization when passing SolrSearch queries. Arbitrary groovy code can be executed due to a direct evaluate() call.
The vulnerable endpoint here is:
/xwiki/bin/get/Main/SolrSearch?media=rss&text=
License
GPL v3.0 - as all good software should be
Remember - don't be a skid :)