RondoDox has gained attention for targeting unpatched XWiki servers using a critical vulnerability that allows attackers to execute arbitrary code. This vulnerability, tracked as CVE-2025-24893, has a CVSS score of 9.8 and stems from an eval injection issue that lets any guest user achieve remote code execution via a specific endpoint. XWiki's maintainers fixed the flaw in versions 15.10.11, 16.4.1, and 16.5.0RC1 in late February 2025.
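Because the fixed versions are the one concrete mitigation detail in this coverage, a defender's first job is to find every XWiki instance still running an older build. The script below is an added example, not code from XWiki, VulnCheck or RondoDox research; it takes the three fixed versions stated above, parses XWiki-style version strings (including release-candidate suffixes such as `16.5.0RC1`), and flags hosts whose version is below the fix point on their branch. The inventory is constructed sample data, and the treatment of branches older than 15.x as unpatched is an assumption, since the page lists no fix for them.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Fixed versions as reported for CVE-2025-24893. Anything older on the same
# branch is treated as unpatched.
FIXED_VERSIONS = ("15.10.11", "16.4.1", "16.5.0RC1")

# Accepts "15.10.11", "16.5.0RC1" and the dashed form "16.5.0-rc-1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-?RC-?(\d+))?$", re.IGNORECASE)


class XWikiVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    final: int  # 1 for a final release, 0 for a release candidate (sorts earlier)
    rc: int     # RC number; 0 for final releases


def parse_version(text: str) -> XWikiVersion:
    """Parse an XWiki version string into a comparable tuple.

    A release candidate sorts before the final release of the same number,
    so 16.5.0RC1 < 16.5.0 < 16.5.1.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version string: {text!r}")
    major, minor, patch, rc = m.groups()
    if rc is None:
        return XWikiVersion(int(major), int(minor), int(patch), 1, 0)
    return XWikiVersion(int(major), int(minor), int(patch), 0, int(rc))


def is_patched(version_text: str) -> bool:
    """True if the version is at or above the fix point for its branch."""
    v = parse_version(version_text)
    if v.major == 15:
        return v >= parse_version("15.10.11")
    if v.major >= 16:
        # 16.4.1 and 16.5.0RC1 are both fixed, so 16.4.1 is the lowest fixed
        # version on the 16.x line; 16.0 to 16.4.0 never received the fix.
        return v >= parse_version("16.4.1")
    # Assumption: branches older than 15.x have no listed fix, so treat as unpatched.
    return False


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (host, version) pairs that still need patching, sorted by host."""
    return sorted((host, ver) for host, ver in inventory.items() if not is_patched(ver))


# Constructed sample inventory: hostnames and versions are invented for illustration.
SAMPLE_INVENTORY = {
    "wiki-prod-01.example.internal": "16.4.0",
    "wiki-prod-02.example.internal": "16.4.1",
    "wiki-legacy.example.internal": "15.10.10",
    "wiki-staging.example.internal": "16.5.0RC1",
    "wiki-archive.example.internal": "14.10.5",
}

if __name__ == "__main__":
    for host, ver in triage(SAMPLE_INVENTORY):
        print(f"UNPATCHED  {host}  XWiki {ver}")
```

Where the version comes from is deployment-specific (package metadata, the WAR manifest, or the administration UI); feed whatever your inventory tool reports into `triage`. Because the RC ordering is explicit, the check will not be fooled by a release candidate that merely looks newer than the fix.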
Evidence indicates that this weakness has been actively exploited since at least March. It was only in late October, however, that VulnCheck reported detecting renewed exploitation that tied the flaw to a two-step attack aimed at deploying cryptocurrency mining tools.
In response to this ongoing threat, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, compelling federal agencies to implement required mitigations by November 20.
A report from VulnCheck revealed a significant uptick in exploitation attempts, peaking on November 7 and again on November 11. These trends suggest that multiple threat actors are scanning for vulnerable systems. The RondoDox botnet is adapting quickly, incorporating new attack vectors to amass susceptible devices for distributed denial-of-service (DDoS) attacks over HTTP, UDP, and TCP. The first RondoDox exploitation attempts against this flaw were detected on November 3, 2025.
Other attacks have sought to leverage this vulnerability for different malicious objectives, including deploying cryptocurrency miners and attempting to establish reverse shells, alongside general reconnaissance activity using a Nuclei template for CVE-2025-24893.
These developments underscore the importance of robust patch management in safeguarding systems against emerging threats. As VulnCheck's Jacob Baines observed, the situation is a reminder of how quickly a vulnerability can attract multiple attackers once initial exploitation becomes public.