CRITICAL🇵🇱 Wersja polska

CVE-2024-31984

CVSS 9.9v3.1pub. 2024-04-10upd. 2025-01-21

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page.

🤖 AI Analysis
How it works

An attacker creates a document with a properly crafted space title that contains malicious Groovy code. During title processing by the Solr search component (specifically the `Main.SolrSpaceFacet` page), the input data is interpreted and executed as Groovy code without proper validation or isolation (CWE-94, CWE-95). This results in execution of arbitrary code on the XWiki server side in the context of the entire installation.

Impact

An attacker can execute arbitrary Groovy code on the server, leading to complete breach of confidentiality, integrity, and availability of the entire XWiki installation. In practice, this means the possibility of server takeover, data leakage, and disruption of platform operations.

Mitigation & patch

XWiki Platform should be updated to version 14.10.20, 15.5.4, or 15.10 RC1. As a workaround without updating, the patch should be manually applied to the `Main.SolrSpaceFacet` page according to commits published in the vendor's GitHub repository.

Who is affected

XWiki Platform in versions from 7.2-rc-1 to versions preceding 14.10.20, 15.5.4, and 15.10-rc-1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Xwiki

    APP
    Xwiki
    7.27.3 – 14.10.20 (bez)15.0 – 15.5.4 (bez)15.6 – 15.10 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-24893CRITICAL9.8⚠ KEVPL ✓ten sam produkt

XWiki Platform — niezautoryzowany RCE przez endpoint SolrSearch

CVE-2025-55748CRITICAL9.3PL ✓ten sam produkt

XWiki Platform — path traversal umożliwia odczyt plików konfiguracyjnych

CVE-2025-55747CRITICAL9.3PL ✓ten sam produkt

XWiki Platform: ujawnienie plików konfiguracyjnych przez webjars API (path traversal)

CVE-2025-32429CRITICAL9.3PL ✓ten sam produkt

SQL Injection w XWiki Platform via parametr sort w getdeleteddocuments.vm

CVE-2025-53836CRITICAL9.9PL ✓ten sam produkt

XWiki Rendering: bypass trybu restricted przez zagnieżdżone makra