The RondoDox botnet malware is exploiting a critical remote code execution vulnerability in the XWiki Platform (CVE-2025-24893), which is actively being targeted by multiple threat actors. Immediate patching is advised to prevent widespread attacks involving remote shell payloads and cryptocurrency miners.
Key points
- The RondoDox botnet is exploiting the CVE-2025-24893 flaw in XWiki Platform to launch attacks.
- Active exploitation was first observed in early November, with threat actors deploying remote shell payloads.
- The vulnerability affects versions before 15.10.11 and 16.4.1, requiring immediate updates.
- Malicious actors are using specially crafted HTTP requests to inject code and download malware.
- Widespread scanning and attack activities have been detected, emphasizing the need for prompt mitigation.
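
To act on the version boundaries above, the following added example (not code from the original page or from the XWiki project) triages an inventory of XWiki instances against the fixed releases 15.10.11 and 16.4.1. The function names, the hostnames and the sample versions are constructed for illustration. It assumes that 16.x and later are compared against 16.4.1 and everything older against 15.10.11, and that a pre-release of a fixed version counts as unpatched.

```python
import re

# Fixed releases as stated in the key points above.
FIXED_15_BRANCH = (15, 10, 11)
FIXED_16_BRANCH = (16, 4, 1)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.-]+)?")


def parse_version(text):
    """Parse '16.4.0' or '16.0.0-rc-1' into ((major, minor, patch), is_prerelease)."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = match.groups()
    return (int(major), int(minor), int(patch or 0)), suffix is not None


def is_affected(version):
    """True if the version predates the fixed release for its branch."""
    numbers, prerelease = parse_version(version)
    # Assumption: 16.x and later are judged against 16.4.1, older ones against 15.10.11.
    fixed = FIXED_16_BRANCH if numbers[0] >= 16 else FIXED_15_BRANCH
    if numbers != fixed:
        return numbers < fixed
    # Assumption (conservative): a pre-release of the fixed version is unpatched.
    return prerelease


def triage(inventory):
    """Split {host: version} into hosts to patch, patched hosts and hosts to review."""
    result = {"patch": [], "ok": [], "review": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "patch" if is_affected(version) else "ok"
        except ValueError:
            bucket = "review"  # unknown build: do not assume it is safe
        result[bucket].append(host)
    return result


# Constructed inventory for illustration; hostnames and versions are not from the page.
SAMPLE_INVENTORY = {
    "wiki-a.example.internal": "15.10.10",
    "wiki-b.example.internal": "15.10.11",
    "wiki-c.example.internal": "16.4.0",
    "wiki-d.example.internal": "16.4.1",
    "wiki-e.example.internal": "16.0.0-rc-1",
    "wiki-f.example.internal": "custom-build",
}
```

Instances that land in the `review` bucket report a version string the parser does not recognise and should be checked by hand rather than assumed patched.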