This walkthrough covers the Editor machine on Hack The Box, an Easy Linux box. I gained initial access by exploiting CVE-2025–24893 in XWiki to get a shell as the xwiki user. Further enumeration…

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A detailed walkthrough of exploiting the Editor machine on Hack The Box, demonstrating how to gain initial access through CVE-2025-24893 in XWiki 15.10.8 and escalate privileges using CVE-2024-32019 in Netdata's ndsudo plugin. The guide covers enumeration with Nmap, exploiting remote code execution vulnerabilities, credential discovery, and privilege escalation techniques to achieve root access.

Editor — Hack The Box: Complete Walkthrough for XWiki RCE & Root Exploitation

Get Death Esther’s stories in your inbox