XWiki Vulnerability Exploited in Cryptocurrency Mining Operation - SecurityWeek

A critical-severity vulnerability (CVE-2025-24893) in the XWiki enterprise wiki platform has been exploited in the wild, allowing attackers to execute arbitrary code for a cryptocurrency mining operation. The flaw, which involves improper sanitization of search parameters in the SolrSearch macro, was addressed in XWiki versions 15.10.11, 16.4.1, and 16.5.0RC1 in June 2024.