Attackers exploit XWiki vulnerability to install cryptocurrency miners.
A recently discovered unauthenticated remote code execution vulnerability in XWiki, tracked as CVE-2025-24893, is being actively exploited to deploy cryptocurrency mining malware. The flaw lets attackers execute arbitrary code on unpatched systems, a significant risk for organizations running XWiki. Exploitation proceeds as a sophisticated two-stage attack that lets the attackers modify payloads after the initial compromise and ends with the installation of a Monero cryptocurrency miner. Notably, the vulnerability remains absent from the CISA Known Exploited Vulnerabilities catalog, highlighting a critical oversight in vulnerability tracking. The incident underscores the importance of prompt patching and robust network security measures to mitigate the risks of emerging threats.

