Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-24814

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService"). Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "<lib>" tags by default.

Published

2025-01-27T09:15:14.947

Last Modified

2025-06-25T16:41:43.923

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-250
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	solr	< 9.8.0	Yes

References

https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1 Mailing List, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2025/01/26/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20250214-0002/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)