Xwiki Platform Security Update Advisory (CVE-2025-24893)

Nov 03 2025

Overview

We have released a security update to address a vulnerability in the Xwiki Platform. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-24893

Xwiki Platform Version: 5.3-milestone-2 or later and before 15.10.11
Xwiki Platform version: 16.0.0-rc-1 or later but before 16.4.1

Resolved Vulnerabilities

Remote code execution vulnerability in Xwiki Platform (CVE-2025-24893)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-24893

Xwiki Platform Version: 15.10.11
Xwiki Platform Version: 16.4.1
Xwiki Platform Version: 16.5.0-rc-1

References

[1] Remote code execution as guest via SolrSearchMacros request
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j

Xwiki Platform Security Update Advisory (CVE-2025-24893)

Mozilla Products October 2025 Secondary Security Update Advisory

IBM Product Security Update Advisory (CVE-2025-36386)

Tags:

Mozilla Products October 2025 Secondary Security Update Advisory

IBM Product Security Update Advisory (CVE-2025-36386)