
Cryptomining operation underpinned by critical XWiki exploit


SecurityWeek reports that threat actors have exploited a critical arbitrary code execution flaw in the widely used open source enterprise wiki software platform XWiki, tracked as CVE-2025-24893, to facilitate a cryptomining operation.

Attacks involving the vulnerability, which Trend Micro's John Kwak found to stem from the improper sanitization of Groovy search parameters, have enabled the distribution of cryptocurrency mining malware, according to VulnCheck researchers.

"We observed multiple exploit attempts against our XWiki canaries coming from an attacker geolocated in Vietnam. The exploitation proceeds in a two-pass workflow separated by at least 20 minutes: the first pass stages a downloader (writes a file to disk), and the second pass later executes it," said VulnCheck.

Illicit traffic in the attack was also found to have come from an IP address previously linked with nefarious activity. The findings come after CrowdSec reported that the bug had been leveraged for reconnaissance efforts.
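For defenders, the two-pass pattern VulnCheck describes can be hunted by correlating flagged search requests per source over time. The following is an added example, not code from VulnCheck, SecurityWeek or XWiki; the log format, the `/wiki/search` path and the case-insensitive `groovy` marker are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines (timestamp, source IP, request target); not real traffic.
# The path and the PLACEHOLDER search text are hypothetical, not an actual payload.
SAMPLE_LOG = """\
2025-01-01T10:00:05Z 203.0.113.7 /wiki/search?text=PLACEHOLDER%20groovy%20stage
2025-01-01T10:03:00Z 198.51.100.9 /wiki/search?text=release+notes
2025-01-01T10:10:00Z 198.51.100.20 /wiki/search?text=PLACEHOLDER%20Groovy%20probe
2025-01-01T10:12:00Z 198.51.100.20 /wiki/search?text=PLACEHOLDER%20groovy%20probe
2025-01-01T10:27:40Z 203.0.113.7 /wiki/search?text=PLACEHOLDER%20groovy%20run
not a log line
"""

MIN_GAP = timedelta(minutes=20)  # "separated by at least 20 minutes" in the quote
MARKER = "groovy"                # assumption: decoded search text mentions Groovy


def parse(line):
    """Split one line into (timestamp, source IP, URL-decoded query string)."""
    ts, ip, target = line.split(maxsplit=2)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, ip, unquote_plus(urlsplit(target.strip()).query)


def two_pass_sources(log_text, min_gap=MIN_GAP):
    """Return (ip, first_hit, last_hit, gap_minutes) for each source whose
    flagged requests span at least min_gap, i.e. a staged pass and a later one."""
    hits = {}
    for line in log_text.splitlines():
        try:
            when, ip, query = parse(line)
        except ValueError:
            continue  # blank or malformed line: skip rather than abort the hunt
        if MARKER in query.lower():
            hits.setdefault(ip, []).append(when)
    findings = []
    for ip, times in sorted(hits.items()):
        times.sort()
        gap = times[-1] - times[0]
        if len(times) >= 2 and gap >= min_gap:
            findings.append((ip, times[0], times[-1], int(gap.total_seconds() // 60)))
    return findings


if __name__ == "__main__":
    for finding in two_pass_sources(SAMPLE_LOG):
        print(finding)
```

A source that sends flagged requests only minutes apart (198.51.100.20 in the sample) is not reported by this check, so it complements rather than replaces a per-request alert on Groovy content in search parameters.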
