{ads}

RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet

Written By Saturday, 15 November 2025 Add Comment



November 15, 2025 at 10:05PM

The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution. The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that could allow any guest user to perform arbitrary remote code execution through a request to the "/bin/get/Main/

from The Hacker News https://ift.tt/HmUsur6

0 Response to "RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads