Hackers Rapidly Exploit XWiki Vulnerability for Botnets and Crypto Mining

Urgent patch needed for XWiki vulnerability CVE-2025-24893 as hackers deploy botnets and crypto miners globally.

By Content Team

Nov 17, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Multiple threat actors are actively exploiting CVE-2025-24893, a critical XWiki vulnerability discovered October 28, 2025, to deploy botnets and cryptocurrency miners on servers worldwide. CISA added it to their Known Exploited Vulnerabilities catalog just two days later on October 30.

The RondoDox botnet incorporated the flaw by November 3, causing a sharp spike in attacks. Hackers are using the vulnerability to execute malicious code through XWiki's SolrSearch endpoint, with attacks ranging from automated scanning to sophisticated reverse shell attempts from AWS IP addresses.

Organizations should immediately patch XWiki installations, monitor for unusual SolrSearch requests, and implement network segmentation to reduce exposure.

Source: Cyber Security News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

OpenAI Hit by North Korean Supply Chain Attack Through Popular JavaScript Library

Apr 13, 2026

Google Rushes Chrome Security Update to Fix Critical WebView Vulnerability

Jan 7, 2026

Microsoft Kicks Off 2026 With 112 Security Patches, Including Active Zero-Day Attack

Jan 14, 2026

Freedom Mobile Hit by Data Breach Affecting Customer Personal Information

Dec 27, 2025