BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

RondoDox Botnet Exploits Critical XWiki Flaw, Urges Patch Now

RondoDox Botnet Exploits Critical XWiki Vulnerability CVE-2025-24893 for Remote Code Execution and DDoS Attacks

  • The RondoDox botnet is exploiting a serious vulnerability in unpatched XWiki instances to conduct cyberattacks.
  • CVE-2025-24893 is an eval injection flaw enabling remote code execution, patched in recent XWiki versions.
  • Exploitation attempts increased sharply in November, involving multiple threat actors and varied attack methods.
  • CISA has listed the vulnerability in its Known Exploited Vulnerabilities catalog, imposing federal mitigation deadlines.
  • Attacks include deploying cryptocurrency miners, reverse shells, and distributed denial-of-service (DDoS) activity.

The botnet Malware named RondoDox has been actively targeting unpatched instances of XWiki by exploiting a critical security flaw identified as CVE-2025-24893. This vulnerability, classified as an eval injection bug, permits any guest user to execute arbitrary remote code through requests to the “/bin/get/Main/SolrSearch” endpoint. The flaw was addressed in XWiki releases 15.10.11, 16.4.1, and 16.5.0RC1, issued in late February 2025.

- Advertisement -

Although evidence of exploitation dates back to March, significant activity was reported in late October when VulnCheck observed fresh attempts that leveraged the vulnerability for a two-stage attack deploying cryptocurrency mining software. Following this, the Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to implement protective measures by November 20.

A recent spike in exploitation attempts was documented by VulnCheck on November 7 and November 11, indicating intensified scanning efforts likely involving multiple threat actors. RondoDox emerged as a primary actor beginning November 3, incorporating this vulnerability as part of its arsenal to recruit compromised devices into a botnet aimed at conducting distributed denial-of-service (DDoS) attacks using HTTP, UDP, and TCP protocols.

Additional attack tactics observed include deploying cryptocurrency miners, attempts to create reverse shells, and generalized probing activities utilizing a Nuclei template for CVE-2025-24893. These events underscore the importance of consistent patch application to maintain security.

Jacob Baines of VulnCheck remarked that “CVE-2025-24893 is a familiar story: one attacker moves first, and many follow. Within days of the initial exploitation, we saw botnets, miners, and opportunistic scanners all adopting the same vulnerability.”

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Must Read

7 Best Cryptocurrency Lending Platforms in 2025 (Ranked & Reviewed)

QUICK LINKSOur MethodologyHow to Choose the Best Crypto Lending Platform: Key Factors to ConsiderIn-Depth Reviews of the 7 Best Crypto Lending Platforms1. Nexo -...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading