Lucene search
K

Apache Solr < 9.8.0 ConfigSet Privilege Escalation via <lib> Injection (CVE-2025-24814)

🗓️ 25 Sep 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 6 Views

Solr before 9.8.0 with FileSystemConfigSetService and no auth allows <lib> classpath loading via configset replacements.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(265889);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/25");
  script_cve_id("CVE-2025-24814");

  script_name(english:"Apache Solr < 9.8.0 ConfigSet Privilege Escalation via <lib> Injection (CVE-2025-24814)");
  script_set_attribute(attribute:"synopsis", value:
"Core creation allows users to replace 'trusted' configset files with arbitrary configuration.");
  script_set_attribute(attribute:"description", value:
"Solr instances that (1) use the 'FileSystemConfigSetService' component (the default in 'standalone' or 'user-managed'
 mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation
 wherein individual 'trusted' configset files can be ignored in favor of potentially-untrusted replacements available
 elsewhere on the filesystem.  These replacement config files are treated as 'trusted' and can use '<lib>' tags to
 add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin.
 This issue affects all Apache Solr versions up through Solr 9.7.  Users can protect against the vulnerability by 
 enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from 
'FileSystemConfigSetService').  Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue
 by disabling use of '<lib>' tags by default.
 
 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
 number.");
  script_set_attribute(attribute:"see_also", value:"https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apache Solr version 9.8.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-24814");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/01/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:solr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("solr_detect.nbin");
  script_require_keys("installed_sw/Apache Solr");

  exit(0);
}

include('vcf.inc');

var app = 'Apache Solr';

var app_info = vcf::combined_get_app_info(app:app);
vcf::check_granularity(app_info:app_info, sig_segments:3);



var constraints = [
  { 'fixed_version' : '9.8.0' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

25 Sep 2025 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.15.4 - 5.5
EPSS0.01136
SSVC
6