Description

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem.  These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7.  Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService").  Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "<lib>" tags by default.

INFO

Published Date :

2025-01-27T08:58:08.768Z

Last Modified :

2025-02-15T00:10:36.558Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2025-24814 vulnerability.

Vendors Products
Apache
  • Solr
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-24814.

URL Resource
http://www.openwall.com/lists/oss-security/2025/01/26/1 cve-icon cve-icon
https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-24814 cve-icon
https://security.netapp.com/advisory/ntap-20250214-0002/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-24814 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact