Protect Your XWiki Instance: Critical Remote Code Execution Vulnerability Patched

CVSS v3.1 score: 10

XWiki, an open source wiki platform, had a critical remote code execution vulnerability that could allow attackers to take full control of vulnerable wiki instances.

The issue was caused by missing escaping in the search administration interface: the id and label of search user interface extensions added to wiki pages were inserted into the rendered output without sanitization, so an attacker could inject wiki syntax, including Groovy script macros, through those two fields.

As any logged-in user can edit wiki pages by default, this gave attackers a way to execute arbitrary code on the server simply by editing wiki content. The outcome could be data theft, installation of malware, or complete server takeover.
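The defensive handling that the paragraphs above imply, as an added example that is not XWiki's own code: untrusted extension parameters are escaped before they are placed into wiki markup, and an audit pass flags any stored id or label that already carries macro syntax. It assumes that XWiki 2.x syntax uses `~` as its escape character and `{{ ... }}` as macro delimiters; the `audit_uix_parameters` helper and the sample extension records are constructed for this illustration.

```python
"""Escape and audit search UI extension parameters (added example, not XWiki code)."""
import re

# Characters that carry meaning in XWiki 2.x syntax.  Assumption: any of them
# in an untrusted value must be escaped before the value is placed into markup.
SYNTAX_CHARS = set("{}[]()*/#=~_^-|:\\\"'%$@")

# Matches the start of a macro invocation or closing tag, e.g. "{{groovy" or "{{/groovy".
MACRO_RE = re.compile(r"\{\{\s*/?\s*([A-Za-z][A-Za-z0-9_-]*)")


def escape_wiki_syntax(value: str) -> str:
    """Prefix every syntax-significant character with '~' (assumed XWiki 2.x escape).

    After escaping, "{{groovy}}" becomes "~{~{groovy~}~}", which renders as literal
    text instead of being interpreted as a macro.
    """
    return "".join("~" + ch if ch in SYNTAX_CHARS else ch for ch in value)


def find_macros(value: str) -> list[str]:
    """Return the macro names referenced by a raw (unescaped) parameter value."""
    return MACRO_RE.findall(value)


def audit_uix_parameters(uix_objects: list[dict]) -> list[dict]:
    """Flag extension objects whose id or label already contains macro syntax.

    Each record is a constructed dict with 'page', 'id' and 'label' keys, standing in
    for a UI extension object stored on a wiki page.
    """
    findings = []
    for uix in uix_objects:
        for field in ("id", "label"):
            macros = find_macros(uix.get(field, ""))
            if macros:
                findings.append({"page": uix["page"], "field": field, "macros": macros})
    return findings


# Constructed sample records: one benign extension, one carrying a script macro.
SAMPLE_UIX = [
    {"page": "Sandbox.LegitimateSearch", "id": "org.example.search.tab", "label": "Custom results"},
    {"page": "Sandbox.Suspicious", "id": "{{groovy}}/* constructed */{{/groovy}}", "label": "ok"},
]

if __name__ == "__main__":
    for finding in audit_uix_parameters(SAMPLE_UIX):
        print(f"{finding['page']} [{finding['field']}] references macros: {finding['macros']}")
    print(escape_wiki_syntax(SAMPLE_UIX[1]["id"]))
```

The audit is a coarse check meant for reviewing stored extension objects; it reports macro names so a reviewer can distinguish a harmless formatting macro from a script macro.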

Luckily, XWiki developers have addressed this vulnerability and released patched versions 14.10.15, 15.5.2 and 15.7RC1. If you are running an older version of XWiki, you should immediately update to one of these fixed releases.
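A small check that compares an installed XWiki version against the fixed releases named above, as an added example that is not part of the original advisory. It assumes XWiki's version scheme of `major.minor[.patch]` with optional `RCn` or `Mn` pre-release suffixes (milestone before release candidate before final), and it treats any branch without a listed fix (for example 15.6.x or anything before 14.10) as affected and in need of an upgrade.

```python
"""Check an XWiki version against the fixed releases (added example, not XWiki code)."""
import re

# Fixed releases listed in the advisory.
FIXED_VERSIONS = ("14.10.15", "15.5.2", "15.7RC1")

# major.minor[.patch] with an optional pre-release suffix such as RC1 or M2.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-?(RC|M)(\d+))?$", re.IGNORECASE)

# Assumed ordering within one version number: milestone < release candidate < final.
PRE_RANK = {"M": 0, "RC": 1, None: 2}


def parse_version(text: str) -> tuple:
    """Turn '15.7RC1' into a comparable tuple (15, 7, 0, 1, 1)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    major, minor, patch, pre_kind, pre_num = m.groups()
    kind = pre_kind.upper() if pre_kind else None
    return (int(major), int(minor), int(patch or 0), PRE_RANK[kind], int(pre_num or 0))


def is_patched(installed: str) -> bool:
    """True when the installed version is one of the fixed releases or newer on its branch."""
    v = parse_version(installed)
    if v >= parse_version("15.7RC1"):
        return True
    if v[:2] == (15, 5):
        return v >= parse_version("15.5.2")
    if v[:2] == (14, 10):
        return v >= parse_version("14.10.15")
    # Assumption: branches with no listed fix are affected.
    return False


def recommended_upgrade(installed: str):
    """Return the fixed release to move to, or None when already patched."""
    if is_patched(installed):
        return None
    v = parse_version(installed)
    if v[:2] == (14, 10):
        return "14.10.15"
    if v[:2] == (15, 5):
        return "15.5.2"
    return "15.7RC1"


if __name__ == "__main__":
    for candidate in ("14.10.14", "14.10.15", "15.5.1", "15.6.1", "15.7RC1", "16.0.0"):
        status = "patched" if is_patched(candidate) else f"upgrade to {recommended_upgrade(candidate)}"
        print(f"{candidate:>9}: {status}")
```

The version string can be read from the wiki's "About" page or the `xwiki-platform-*` jar names in the deployment; the check deliberately errs on the side of reporting an unknown branch as affected.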

You can also manually apply the patch to the “XWiki.SearchAdmin” page as a temporary workaround until you can upgrade. Going forward, always keep your XWiki instance up to date with the latest security patches to protect against flaws like this. Promptly applying updates is one of the best ways to bolster your wiki’s defenses.