• Identifier of the vulnerability: CVE‑2025‑24893
• Affected software: XWiki
• Type of vulnerability: RCE
• Requires authentication: No
• Language you would use for writing the plugin: Templated plugins
• Resources:
  • https://nvd.nist.gov/vuln/detail/CVE-2025-24893 (CVSS 9.8 CRITICAL)
  • https://www.offsec.com/blog/cve-2025-24893/
  • https://github.com/a1baradi/Exploit/blob/main/CVE-2025-24893.py
  • https://github.com/xwiki/xwiki-platform
  • https://xwiki.com/en/company/references

Hi,
I offer to write a Tsunami Plugin for this Unauthenticated RCE on XWiki Platform.
Is this something you would be interested in?