automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit e0fec0e61b16 · 2025-09-01T11:46:04.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -121540,6 +121540,66 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_multi/http/xwiki_unauth_rce_cve_2025_24893": {
+    "name": "Remote Code Execution Vulnerability in XWiki Platform (CVE-2025-24893)",
+    "fullname": "exploit/multi/http/xwiki_unauth_rce_cve_2025_24893",
+    "aliases": [],
+    "rank": 600,
+    "disclosure_date": "2025-02-20",
+    "type": "exploit",
+    "author": [
+      "Maksim Rogov",
+      "John Kwak"
+    ],
+    "description": "This module exploits a template injection vulnerability in the the XWiki Platform.\n          XWiki includes a macro called SolrSearch (defined in Main.SolrSearchMacros) that enables full-text search through the embedded Solr engine.\n          The vulnerability stems from the way this macro evaluates search parameters in Groovy, failing to sanitize or restrict malicious input.\n\n          This vulnerability affects XWiki Platform versions >= 5.3-milestone-2 and < 15.10.11, and versions >= 16.0.0-rc-1 and < 16.4.1.\n          Successful exploitation may result in the remote code execution under the privileges\n          of the web server, potentially exposing sensitive data or disrupting survey operations.\n\n          An attacker can execute arbitrary system commands in the context of the user running the web server.",
+    "references": [
+      "CVE-2025-24893",
+      "URL-https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j"
+    ],
+    "platform": "Linux,Unix,Windows",
+    "arch": "cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Unix Command",
+      "Windows Command"
+    ],
+    "mod_time": "2025-08-29 08:41:43 +0000",
+    "path": "/modules/exploits/multi/http/xwiki_unauth_rce_cve_2025_24893.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/xwiki_unauth_rce_cve_2025_24893",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "ioc-in-logs",
+        "artifacts-on-disk"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_multi/http/zabbix_script_exec": {
     "name": "Zabbix Authenticated Remote Command Execution",
     "fullname": "exploit/multi/http/zabbix_script_exec",
