The United States Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, one impacting the XWiki platform and the other VMware Aria Operations and VMware Tools.
CVE-2025-24893 is a remote code execution vulnerability that can be triggered through a request to SolrSearch. According to the developers of XWiki, this “impacts the confidentiality, integrity and availability of the whole XWiki installation”.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
The issue was first disclosed in February 2025 and has a CVSS score of 9.8, making it a critical severity…