Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet

The Hacker News by The Hacker News
November 15, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Nov 15, 2025Ravie LakshmananMalware / Vulnerability

The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution.

The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that could allow any guest user to perform arbitrary remote code execution through a request to the “/bin/get/Main/SolrSearch” endpoint. It was patched by the maintainers in XWiki 15.10.11, 16.4.1, and 16.5.0RC1 in late February 2025.

While there was evidence that the shortcoming had been exploited in the wild since at least March, it wasn’t until late October, when VulnCheck disclosed it had observed fresh attempts weaponizing the flaw as part of a two-stage attack chain to deploy a cryptocurrency miner.

DFIR Retainer Services

Subsequently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply necessary mitigations by November 20.

In a fresh report published Friday, VulnCheck revealed that it has since observed a spike in exploitation attempts, hitting a new high on November 7, followed by another surge on November 11. This indicates broader scanning activity likely driven by multiple threat actors participating in the effort.

This includes RondoDox, a botnet that’s rapidly adding new exploitation vectors to rope susceptible devices into a botnet for conducting distributed denial-of-service (DDoS) attacks using HTTP, UDP, and TCP protocols. The first RondoDox exploit was observed on November 3, 2025, per the cybersecurity company.

Other attacks have been observed exploiting the flaw to deliver cryptocurrency miners, as well as attempts to establish a reverse shell and general probing activity using a Nuclei template for CVE-2025-24893.

The findings once again illustrate the need for adopting robust patch management practices to ensure optimal protection.

“CVE-2025-24893 is a familiar story: one attacker moves first, and many follow,” VulnCheck’s Jacob Baines said. “Within days of the initial exploitation, we saw botnets, miners, and opportunistic scanners all adopting the same vulnerability.”



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Use Google Gemini and ChatGPT to Organize Your Life With Scheduled Actions

Use Google Gemini and ChatGPT to Organize Your Life With Scheduled Actions

Recommended.

AWS Loses Generative AI GM And Amazon Bedrock Leader

AWS Loses Generative AI GM And Amazon Bedrock Leader

June 30, 2025
transcosmos wins Special Jury Award at Contact Center Awards 2025

transcosmos wins Special Jury Award at Contact Center Awards 2025

November 20, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio