The botnet malware known as RondoDox has been observed
targeting unpatched XWiki instances by exploiting a critical security
flaw that could allow attackers to achieve arbitrary code
execution. The vulnerability in question is CVE-2025-24893 (CVSS
score: 9.8), an eval injection bug that could allow any guest user
to perform arbitrary remote code execution through a request to the
"/bin/get/Main/
Read more https://thehackernews.com/2025/11/rondodox-exploits-unpatched-xwiki.html

