Ddos

The RondoDox botnet malware is actively exploiting unpatched XWiki servers via the critical vulnerability CVE-2025-24893 (CVSS 9.8), allowing arbitrary remote code execution. 🔍 CVE-2025-24893 Evaluation injection bug that allows any guest user to execute remote code via the /bin/get/Main/SolrSearch endpoint. Affected versions: All before XWiki 15.10.11, 16.4.1 or 16.5.0RC1 Patch available from: February 2025 🤖 RondoDox: Expanding Botnet RondoDox incorporates vulnerable devices to: DDoS attacks (HTTP, UDP, TCP) Cryptocurrency mining Persistent access (reverse shells, backdoors) Chronology: March 2025 (first evidence) → Nov 3 (first RondoDox exploitation) → Nov 7 (maximum peak) → Nov 11 (new wave) ...