<ciso brief/>
Tag Banner

All news with #xwiki platform tag

all tags →

Mon, November 17, 2025

RondoDox Botnet Exploits Critical XWiki RCE (CVE-2025-24893)

#Security Advisory #Active Exploitation #RCE #KEV Added #RondoDox #XWiki Platform

⚠️ RondoDox operators are exploiting a critical remote code execution flaw in XWiki Platform (CVE-2025-24893), which CISA flagged as actively exploited on October 30. VulnCheck observed attacks beginning November 3 that inject base64-encoded Groovy into the XWiki SolrSearch endpoint via a crafted HTTP GET to download and run a remote shell (rondo..sh) that stages the main payload. Administrators should upgrade to 15.10.11 or 16.4.1, apply network controls, and use published IoCs to block scanning and payload hosts.

read more →