Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 20, 2025

CVE-2025-24893

High
EPSS 94.2%CISA KEV
XWiki/Platform

Description

XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch.

EPSS — Exploit Probability

94.2%

Higher than 99.9% of all CVEs

Required Action

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j ; https://nvd.nist.gov/vuln/detail/CVE-2025-24893

Related Articles (1)

Malware & Threats

Google: Cloud attacks exploit flaws more than weak credentials

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

Mar 9, 2026

Risk Assessment

HIGH
In CISA KEV
High EPSS

Details

Severity
High
EPSS
94.2%
CISA KEV
Yes
Ransomware
Unknown
Articles
1

Timeline

Published

Oct 30, 2025

Added to KEV

Oct 30, 2025

Remediation Due

Nov 20, 2025

Affected Product

XWiki

Platform

View all XWiki CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE