Detections
Analytics

Apache Solr < 9.8.0 ConfigSet Privilege Escalation via <lib> Injection (CVE-2025-24814)

medium Nessus Plugin ID 265889

Synopsis

Core creation allows users to replace 'trusted' configset files with arbitrary configuration.

Description

Solr instances that (1) use the 'FileSystemConfigSetService' component (the default in 'standalone' or 'user-managed' mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual 'trusted' configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as 'trusted' and can use '<lib>' tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin.
 This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from 'FileSystemConfigSetService'). Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of '<lib>' tags by default.
 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Solr version 9.8.0 or later.

See Also

https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1

Plugin Details

Severity: Medium

ID: 265889

File Name: apache_solr_cve-2025-24814.nasl

Version: 1.1

Type: remote

Family: CGI abuses

Published: 9/25/2025

Updated: 9/25/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2025-24814

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:apache:solr

Required KB Items: installed_sw/Apache Solr

Patch Publication Date: 1/27/2025

Vulnerability Publication Date: 1/27/2025

Reference Information

CVE: CVE-2025-24814