India, Nov. 17 -- A major vulnerability in XWiki has created a serious opportunity for attackers. The vulnerability, identified as CVE-2025-24893, permits even guest users to execute remote code on a server through the /bin/get/Main/SolrSearch endpoint. Anyone who finds the weakness can run commands on the system as though they were a legitimate member of it. The XWiki team triaged and fixed the bug in February 2025 with updates to versions 15.10.11, 16.4.1, and 16.5.0RC1. However, many installations were never updated, leaving those servers vulnerable long after the bug was fixed.
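The two facts a defender needs from the paragraph above are the fixed versions and the affected endpoint. The following is an added example, not code from the article or the XWiki project: it compares a deployed XWiki version against the fixed releases (assuming, as the fix list implies, that any release below its branch's fix is affected) and flags access-log requests to the SolrSearch endpoint for review. The log lines are constructed sample data.

```python
import re

# Fixed releases named in the article. Assumption: every release below the fix
# for its branch is affected (15.x below 15.10.11, 16.x below 16.4.1).
FIX_15 = (15, 10, 11, 1, 0)
FIX_16 = (16, 4, 1, 1, 0)
ENDPOINT = "/bin/get/Main/SolrSearch"

_VER = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-?rc-?(\d+))?$", re.IGNORECASE)

def version_key(version):
    """Sort key for an XWiki version string such as '16.5.0RC1' or '15.10.11'."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch, rc = m.groups()
    final = 0 if rc else 1  # a release candidate sorts below its final build
    return (int(major), int(minor), int(patch or 0), final, int(rc or 0))

def is_vulnerable(version):
    """True if the version predates the CVE-2025-24893 fix for its branch."""
    key = version_key(version)
    if key[0] < 16:
        return key < FIX_15
    return key < FIX_16

# Combined log format (Apache/nginx). The sample entries below are constructed.
_LOG = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def find_solrsearch_hits(lines):
    """Return (client, timestamp, method, status, target) for requests to the endpoint."""
    hits = []
    for line in lines:
        m = _LOG.match(line)
        if not m:
            continue
        client, ts, method, target, status = m.groups()
        path = target.split("?", 1)[0].rstrip("/")  # ignore query string
        if path.endswith(ENDPOINT):
            hits.append((client, ts, method, int(status), target))
    return hits

SAMPLE_LOG = [  # constructed, not real traffic
    '203.0.113.7 - - [17/Nov/2025:10:01:02 +0000] "GET /bin/view/Main/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [17/Nov/2025:10:01:05 +0000] "GET /bin/get/Main/SolrSearch?media=rss&text=report HTTP/1.1" 200 311 "-" "curl/8.4.0"',
    '198.51.100.9 - - [17/Nov/2025:10:02:40 +0000] "POST /bin/get/Main/SolrSearch HTTP/1.1" 500 0 "-" "python-requests/2.31"',
]
```

Run `is_vulnerable()` against the version shown in the wiki's administration page and `find_solrsearch_hits()` over the web server's access log; any hit from an unexpected client on an unpatched instance warrants investigation.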

In March, attackers quietly began attempting to exploit the bug. These early attempts were small and easy to over...