CVE-2025-24814
Severity
5.5 MEDIUM
EPSS
0.8%
top 26.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 27
Latest update: Jul 15
Description
Core creation allows users to replace "trusted" configset files with arbitrary configuration
Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Exploitability: 2.1 | Impact: 3.4
Affected Packages: 4 packages
Vulnerability Details (4)
OSV
CVE-2025-24814: Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetServi (2025-01-27)
CVEList
Vendor Advisories (3)
Oracle
Oracle Communications Applications Risk Matrix: Core (Apache Solr), CVE-2025-24814 (2025-07-15)
Red Hat
solr: org.apache.solr: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files (2025-01-27)
Debian
CVE-2025-24814: lucene-solr - Core creation allows users to replace "trusted" configset files with arbitrary c... (2025)