ghsa-68r2-fwcg-qpm8
Vulnerability from github
Core creation allows users to replace "trusted" configset files with arbitrary configuration
Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "
This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService"). Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.solr:solr-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.8.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-24814"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-27T17:22:49Z",
"nvd_published_at": "2025-01-27T09:15:14Z",
"severity": "HIGH"
},
"details": "Core creation allows users to replace \"trusted\" configset files with arbitrary configuration\n\nSolr instances that (1) use the \"FileSystemConfigSetService\" component (the default in \"standalone\" or \"user-managed\" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual \"trusted\" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem.\u00a0 These replacement config files are treated as \"trusted\" and can use \"\u003clib\u003e\" tags to add to Solr\u0027s classpath, which an attacker might use to load malicious code as a searchComponent or other plugin.\n\nThis issue affects all Apache Solr versions up through Solr 9.7.\u00a0 Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from \"FileSystemConfigSetService\").\u00a0 Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of \"\u003clib\u003e\" tags by default.",
"id": "GHSA-68r2-fwcg-qpm8",
"modified": "2025-02-18T22:30:39Z",
"published": "2025-01-27T09:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24814"
},
{
"type": "WEB",
"url": "https://github.com/apache/solr/commit/f492e24881c5724a1b1baecfc9549e2cb0257525"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/solr"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/SOLR-16781"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250214-0002"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/01/26/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Apache Solr vulnerable to Execution with Unnecessary Privileges"
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.