SCA: security update for org.xwiki.platform:xwiki-platform-search-solr-ui (GHSA-rr6p-3pfg-562j)

critical Tenable Cloud Security Plugin ID 420927

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the
confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance,
without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%2
0async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823
%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of
the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has
been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to
upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse`
macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the
content of the feed. (CVE-2025-24893)

See Also

https://github.com/advisories/GHSA-rr6p-3pfg-562j

Plugin Details

Severity: Critical

ID: 420927

Version: Revision 1.28

Type: Local

Family: SCA Checks

Published: 2/21/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: High

Score: 8.9

Percentile: 99.7

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-24893

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/20/2025

Vulnerability Publication Date: 2/20/2025

CISA Known Exploited Vulnerability Due Dates: 11/20/2025

Exploitable With

Metasploit (Remote Code Execution Vulnerability in XWiki Platform (CVE-2025-24893))

Reference Information

CVE: CVE-2025-24893