CVE-2025-24814

EPSS 0.14%
Published 27.01.2025 09:15:14
Last modified 25.06.2025 16:41:43
Source security@apache.org
Teams watchlist Login
Open Login

Core creation allows users to replace "trusted" configset files with arbitrary configuration

Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem.  These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin.

This issue affects all Apache Solr versions up through Solr 9.7.  Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService").  Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "<lib>" tags by default.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Solr Version < 9.8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.354

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	2.1	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2025/01/26/1

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20250214-0002/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-24814

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-24814

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-24814

EUVD