Unauthenticated RCE in XWiki SolrSearch Macro (CVE-2025-24893)

A critical security flaw has been discovered impacting XWiki installations utilizing the SolrSearch Macro. This severe vulnerability, tracked as CVE-2025-24893, allows for unauthenticated Remote Code Execution (RCE).

The vulnerability resides specifically within the SolrSearch Macro. A successful exploit lets an attacker execute arbitrary code on the affected XWiki server without any form of authentication, so anyone with network access to the XWiki instance could potentially compromise the system completely.

The implications of such an unauthenticated RCE vulnerability are profound. Attackers could leverage this to gain full control of the server, steal sensitive data, install malware, or disrupt operations entirely. The fact that no credentials are required significantly lowers the bar for exploitation, making vulnerable systems highly exposed.

Organizations running affected XWiki versions face a critical security risk. Administrators should first determine whether the SolrSearch Macro is in use and, if so, whether the installed XWiki version is among those the vendor lists as vulnerable.

Immediate action is required to mitigate this severe vulnerability. Upgrading to a patched XWiki version that addresses CVE-2025-24893 is the most effective and recommended fix, because it removes the unauthenticated RCE entirely. If upgrading is not immediately feasible, a temporary workaround is to disable the SolrSearch Macro where it is not essential to operations, but this should only bridge the gap until the vendor patch is applied. Staying informed about security advisories and applying patches promptly is essential to maintaining the integrity and safety of an XWiki instance against vulnerabilities of this severity.

Source: https://www.offsec.com/blog/cve-2025-24893/
