{"id":131890,"date":"2025-10-31T07:25:25","date_gmt":"2025-10-31T07:25:25","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=131890"},"modified":"2025-10-31T07:27:02","modified_gmt":"2025-10-31T07:27:02","slug":"xwiki-platform-injection-vulnerability-exploited","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/","title":{"rendered":"CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code"},"content":{"rendered":"\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a severe injection vulnerability in the XWiki Platform, designated as <a href=\"https:\/\/cybersecuritynews.com\/xwiki-rce-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-24893<\/a>.<\/p>\n\n\n\n<p>This flaw allows unauthenticated attackers to execute arbitrary remote code, posing significant risks to organizations using the open-source wiki software.<\/p>\n\n\n\n<p>Discovered and actively exploited, the vulnerability underscores the dangers of eval injection in <a href=\"https:\/\/cybersecuritynews.com\/web-application-penetration-testing-companies\/\" target=\"_blank\" rel=\"noreferrer noopener\">web applications<\/a>, particularly those handling search functionalities.<\/p>\n\n\n\n<p>XWiki, a popular platform for collaborative content management, suffers from this eval injection issue in its SolrSearch feature. Attackers can exploit it without logging in, potentially compromising entire installations.<\/p>\n\n\n\n<p>CISA added the CVE to its Known Exploited Vulnerabilities catalog on October 30, 2025, emphasizing the need for immediate action amid reports of real-world exploitation.<\/p>\n\n\n\n<p>While it&#8217;s unclear if ransomware groups are leveraging it specifically, the flaw&#8217;s severity aligns with tactics seen in broader campaigns targeting content management systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-vulnerability-mechanics-and-impact\"><strong>Vulnerability Mechanics and Impact<\/strong><\/h2>\n\n\n\n<p>At its core, CVE-2025-24893 stems from improper handling of user input in the SolrSearch endpoint, classified under CWE-95 for improper neutralization of directives in dynamically evaluated code. Any guest user can send a crafted request to trigger code execution.<\/p>\n\n\n\n<p>For instance, a simple test involves accessing the SolrSearch RSS feed with a payload like %7D%7D%7D%7B%7Basync async=false%7D%7D%7B%7Bgroovy%7D%7Dprintln(&#8220;Hello from&#8221; + &#8221; search text:&#8221; + (23 + 19))%7B%7B\/groovy%7D%7D%7B%7B\/async%7D%7D. If the response includes &#8220;Hello from search text:42&#8221; in the RSS title, the instance is vulnerable.<\/p>\n\n\n\n<p>The impact is devastating: complete remote code execution undermines confidentiality, integrity, and availability. Attackers could steal data, deploy malware, or pivot to other systems.<\/p>\n\n\n\n<p>Affected versions include those prior to the patches, primarily impacting enterprise users in education, government, and corporate sectors who rely on XWiki for internal knowledge bases.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>CVE ID<\/th><th>Description<\/th><th>Affected Products\/Versions<\/th><th>CVSS 3.1 Score<\/th><th>CWE<\/th><th>Exploitation Status<\/th><\/tr><\/thead><tbody><tr><td>CVE-2025-24893<\/td><td>Eval injection in SolrSearch allowing arbitrary RCE<\/td><td>XWiki Platform &lt; 15.10.11, &lt; 16.4.1, &lt; 16.5.0RC1<\/td><td>9.8 (Critical)<\/td><td>CWE-95<\/td><td>Actively exploited in the wild<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-mitigations\"><strong>Mitigations<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CISA urges<\/a> users to promptly apply vendor mitigations, adhere to Binding Operational Directive 22-01 for <a href=\"https:\/\/cybersecuritynews.com\/cloudflare-warp-hijack\/\" target=\"_blank\" rel=\"noreferrer noopener\">cloud services<\/a>, or discontinue use of the product if patches are unavailable.<\/p>\n\n\n\n<p>XWiki has released fixes in versions 15.10.11, 16.4.1, and 16.5.0RC1, which sanitize inputs and prevent eval execution.<\/p>\n\n\n\n<p>As a temporary workaround, administrators can modify the Main.SolrSearchMacros file, specifically line 955, to enforce an application\/xml content type for the rawResponse macro, mirroring the template&#8217;s secure output handling.<\/p>\n\n\n\n<p>This blocks malicious payloads without a full upgrade. Organizations should also monitor logs for suspicious SolrSearch requests and restrict guest access where possible.<\/p>\n\n\n\n<p>This incident highlights the ongoing threats to legacy web platforms. With exploitation confirmed, swift patching remains critical to safeguard sensitive environments.<\/p>\n\n\n\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a severe injection vulnerability in the XWiki Platform, designated as CVE-2025-24893. This flaw allows unauthenticated attackers to execute arbitrary remote code, posing significant risks to organizations using the open-source wiki software. Discovered and actively exploited, the vulnerability underscores the dangers of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":131902,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEkvjk-4G0cPuvTvAEdva0c-HC_XEKgfTFV60ZGdGELY2j7BUkygszX6w-rDiCIFAoKlXUKpUCVi83u3GTpC4naThaAbQEYWVymXIiw7HKAxPWdLgGqD3tvzkdSlravbwI7u3ECMoCgP94vSEmdOk5oFHZQ5B3KnZ7N3M7nxd16AFR-BqlWAkkRAYL8pzy\/s16000\/XWiki%20Platform%20Injection%20vulnerability%20Exploited.webp","fifu_image_alt":"XWiki Platform Injection vulnerability Exploited","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[10,11,2737],"tags":[149,151,416],"class_list":{"0":"post-131890","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security","8":"category-cyber-security-news","9":"category-vulnerability-news","10":"tag-cyber-security","11":"tag-cyber-security-news","12":"tag-vulnerability"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code<\/title>\n<meta name=\"description\" content=\"CISA has issued an urgent warning about a severe injection vulnerability in the XWiki Platform, designated as CVE-2025-24893.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code\" \/>\n<meta property=\"og:description\" content=\"CISA has issued an urgent warning about a severe injection vulnerability in the XWiki Platform, designated as CVE-2025-24893.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/guruba008\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-31T07:25:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-31T07:27:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEkvjk-4G0cPuvTvAEdva0c-HC_XEKgfTFV60ZGdGELY2j7BUkygszX6w-rDiCIFAoKlXUKpUCVi83u3GTpC4naThaAbQEYWVymXIiw7HKAxPWdLgGqD3tvzkdSlravbwI7u3ECMoCgP94vSEmdOk5oFHZQ5B3KnZ7N3M7nxd16AFR-BqlWAkkRAYL8pzy\/s16000\/XWiki%20Platform%20Injection%20vulnerability%20Exploited.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEkvjk-4G0cPuvTvAEdva0c-HC_XEKgfTFV60ZGdGELY2j7BUkygszX6w-rDiCIFAoKlXUKpUCVi83u3GTpC4naThaAbQEYWVymXIiw7HKAxPWdLgGqD3tvzkdSlravbwI7u3ECMoCgP94vSEmdOk5oFHZQ5B3KnZ7N3M7nxd16AFR-BqlWAkkRAYL8pzy\/s16000\/XWiki%20Platform%20Injection%20vulnerability%20Exploited.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Guru Baran\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEkvjk-4G0cPuvTvAEdva0c-HC_XEKgfTFV60ZGdGELY2j7BUkygszX6w-rDiCIFAoKlXUKpUCVi83u3GTpC4naThaAbQEYWVymXIiw7HKAxPWdLgGqD3tvzkdSlravbwI7u3ECMoCgP94vSEmdOk5oFHZQ5B3KnZ7N3M7nxd16AFR-BqlWAkkRAYL8pzy\/s16000\/XWiki%20Platform%20Injection%20vulnerability%20Exploited.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@guruba008\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Guru Baran\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code","description":"CISA has issued an urgent warning about a severe injection vulnerability in the XWiki Platform, designated as CVE-2025-24893.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/","og_locale":"en_US","og_type":"article","og_title":"CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code","og_description":"CISA has issued an urgent warning about a severe injection vulnerability in the XWiki Platform, designated as CVE-2025-24893.","og_url":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_author":"https:\/\/www.facebook.com\/guruba008","article_published_time":"2025-10-31T07:25:25+00:00","article_modified_time":"2025-10-31T07:27:02+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEkvjk-4G0cPuvTvAEdva0c-HC_XEKgfTFV60ZGdGELY2j7BUkygszX6w-rDiCIFAoKlXUKpUCVi83u3GTpC4naThaAbQEYWVymXIiw7HKAxPWdLgGqD3tvzkdSlravbwI7u3ECMoCgP94vSEmdOk5oFHZQ5B3KnZ7N3M7nxd16AFR-BqlWAkkRAYL8pzy\/s16000\/XWiki%20Platform%20Injection%20vulnerability%20Exploited.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEkvjk-4G0cPuvTvAEdva0c-HC_XEKgfTFV60ZGdGELY2j7BUkygszX6w-rDiCIFAoKlXUKpUCVi83u3GTpC4naThaAbQEYWVymXIiw7HKAxPWdLgGqD3tvzkdSlravbwI7u3ECMoCgP94vSEmdOk5oFHZQ5B3KnZ7N3M7nxd16AFR-BqlWAkkRAYL8pzy\/s16000\/XWiki%20Platform%20Injection%20vulnerability%20Exploited.webp","type":"image\/jpeg"}],"author":"Guru Baran","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEkvjk-4G0cPuvTvAEdva0c-HC_XEKgfTFV60ZGdGELY2j7BUkygszX6w-rDiCIFAoKlXUKpUCVi83u3GTpC4naThaAbQEYWVymXIiw7HKAxPWdLgGqD3tvzkdSlravbwI7u3ECMoCgP94vSEmdOk5oFHZQ5B3KnZ7N3M7nxd16AFR-BqlWAkkRAYL8pzy\/s16000\/XWiki%20Platform%20Injection%20vulnerability%20Exploited.webp","twitter_creator":"@guruba008","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Guru Baran","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/"},"author":{"name":"Guru Baran","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/f7f138f8fd41a61bb60151da47730026"},"headline":"CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code","datePublished":"2025-10-31T07:25:25+00:00","dateModified":"2025-10-31T07:27:02+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/"},"wordCount":478,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEkvjk-4G0cPuvTvAEdva0c-HC_XEKgfTFV60ZGdGELY2j7BUkygszX6w-rDiCIFAoKlXUKpUCVi83u3GTpC4naThaAbQEYWVymXIiw7HKAxPWdLgGqD3tvzkdSlravbwI7u3ECMoCgP94vSEmdOk5oFHZQ5B3KnZ7N3M7nxd16AFR-BqlWAkkRAYL8pzy\/s16000\/XWiki%20Platform%20Injection%20vulnerability%20Exploited.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","cyber security news","vulnerability"],"articleSection":["Cyber Security","Cyber Security News","Vulnerability News"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/","url":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/","name":"CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEkvjk-4G0cPuvTvAEdva0c-HC_XEKgfTFV60ZGdGELY2j7BUkygszX6w-rDiCIFAoKlXUKpUCVi83u3GTpC4naThaAbQEYWVymXIiw7HKAxPWdLgGqD3tvzkdSlravbwI7u3ECMoCgP94vSEmdOk5oFHZQ5B3KnZ7N3M7nxd16AFR-BqlWAkkRAYL8pzy\/s16000\/XWiki%20Platform%20Injection%20vulnerability%20Exploited.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2025-10-31T07:25:25+00:00","dateModified":"2025-10-31T07:27:02+00:00","description":"CISA has issued an urgent warning about a severe injection vulnerability in the XWiki Platform, designated as CVE-2025-24893.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/#primaryimage","url":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEkvjk-4G0cPuvTvAEdva0c-HC_XEKgfTFV60ZGdGELY2j7BUkygszX6w-rDiCIFAoKlXUKpUCVi83u3GTpC4naThaAbQEYWVymXIiw7HKAxPWdLgGqD3tvzkdSlravbwI7u3ECMoCgP94vSEmdOk5oFHZQ5B3KnZ7N3M7nxd16AFR-BqlWAkkRAYL8pzy\/s16000\/XWiki%20Platform%20Injection%20vulnerability%20Exploited.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEkvjk-4G0cPuvTvAEdva0c-HC_XEKgfTFV60ZGdGELY2j7BUkygszX6w-rDiCIFAoKlXUKpUCVi83u3GTpC4naThaAbQEYWVymXIiw7HKAxPWdLgGqD3tvzkdSlravbwI7u3ECMoCgP94vSEmdOk5oFHZQ5B3KnZ7N3M7nxd16AFR-BqlWAkkRAYL8pzy\/s16000\/XWiki%20Platform%20Injection%20vulnerability%20Exploited.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900","caption":"XWiki Platform Injection vulnerability Exploited"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/xwiki-platform-injection-vulnerability-exploited\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World&#039;s #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/f7f138f8fd41a61bb60151da47730026","name":"Guru Baran","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/72f86da0bb72b6886d25f0ef0c881daba3a98356bc44f916f8d3a62c9e856579?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/72f86da0bb72b6886d25f0ef0c881daba3a98356bc44f916f8d3a62c9e856579?s=96&d=mm&r=g","caption":"Guru Baran"},"description":"Gurubaran is the Co-Founder and Editor-in-Chief of CyberSecurityNews.com, specializing in vulnerability analysis, malware research, ransomware, and computer forensics.","sameAs":["https:\/\/cybersecuritynews.com","https:\/\/www.facebook.com\/guruba008","https:\/\/www.linkedin.com\/in\/gurubaran-cyberwrites\/","https:\/\/x.com\/guruba008"],"url":"https:\/\/cybersecuritynews.com\/author\/guru\/"}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEkvjk-4G0cPuvTvAEdva0c-HC_XEKgfTFV60ZGdGELY2j7BUkygszX6w-rDiCIFAoKlXUKpUCVi83u3GTpC4naThaAbQEYWVymXIiw7HKAxPWdLgGqD3tvzkdSlravbwI7u3ECMoCgP94vSEmdOk5oFHZQ5B3KnZ7N3M7nxd16AFR-BqlWAkkRAYL8pzy\/s16000\/XWiki%20Platform%20Injection%20vulnerability%20Exploited.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/131890","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=131890"}],"version-history":[{"count":2,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/131890\/revisions"}],"predecessor-version":[{"id":131903,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/131890\/revisions\/131903"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/131902"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=131890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=131890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=131890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}