PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-24893 XWiki CVE debrief

CVE-2025-24893 affects XWiki Platform and is identified by CISA as a known exploited vulnerability. Because it is in the KEV catalog, defenders should treat it as an active risk and prioritize remediation using vendor guidance, with CISA’s due date set to 2025-11-20.

Vendor: XWiki
Product: Platform
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2025-10-30
Original CVE updated: 2025-10-30
Advisory published: 2025-10-30
Advisory updated: 2025-10-30

Who should care

XWiki Platform administrators, security teams, and service owners responsible for XWiki deployments, especially where the platform is internet-facing or broadly accessible to untrusted users.

Technical summary

The available source material describes CVE-2025-24893 as an eval injection vulnerability in XWiki Platform. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-10-30, which indicates observed exploitation and elevates remediation urgency.

Defensive priority

Urgent

Recommended defensive actions

  • Inventory all XWiki Platform deployments and confirm whether any instance is exposed to untrusted users or networks.
  • Review the referenced vendor guidance and apply mitigations per vendor instructions as soon as possible.
  • Prioritize remediation for internet-facing or production XWiki instances before lower-risk environments.
  • If the product is used in a cloud service, follow applicable CISA BOD 22-01 guidance.
  • If mitigations are unavailable, remove or discontinue use of the product until a safe remedial path is available.
  • Validate remediation by checking logs, access controls, and system behavior for any signs of compromise or abnormal activity.

Evidence notes

This debrief is based on the supplied CISA KEV record and official CVE/NVD references. The source corpus identifies CVE-2025-24893 as an XWiki Platform eval injection issue, marks it as known exploited, and sets the CISA remediation due date to 2025-11-20. No CVSS score or affected-version detail was provided in the supplied corpus.

Official resources

Publicly listed by CISA in the Known Exploited Vulnerabilities catalog on 2025-10-30. CISA’s entry references vendor guidance and NVD for further details; this debrief intentionally limits itself to the supplied official records.