| Reporter | Title | Published | Views | Family All 25 |
|---|---|---|---|---|
| Security Bulletin: IBM Operational Decision Manager - Multiple CVEs addressed related to Solr Core | 10 Feb 202614:45 | – | ibm | |
| Security Bulletin: Vulnerabilities in Apache Solr (lucene) affect IBM Operations Analytics - Log Analysis (CVE-2025-24814, CVE-2024-52012) | 14 Apr 202508:34 | – | ibm | |
| The vulnerability of the “FileSystemConfigSetService” component of the Apache Solr search server, which allows a hacker to load malicious code. | 14 Apr 202500:00 | – | bdu_fstec | |
| CVE-2025-24814 | 26 Jan 202512:59 | – | circl | |
| Apache Solr 安全漏洞 | 27 Jan 202500:00 | – | cnnvd | |
| CVE-2025-24814 | 27 Jan 202508:58 | – | cve | |
| CVE-2025-24814 Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files | 27 Jan 202508:58 | – | cvelist | |
| CVE-2025-24814 | 27 Jan 202508:58 | – | debiancve | |
| EUVD-2025-0137 | 3 Oct 202520:07 | – | euvd | |
| Apache Solr vulnerable to Execution with Unnecessary Privileges | 27 Jan 202509:30 | – | github |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(265889);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/25");
script_cve_id("CVE-2025-24814");
script_name(english:"Apache Solr < 9.8.0 ConfigSet Privilege Escalation via <lib> Injection (CVE-2025-24814)");
script_set_attribute(attribute:"synopsis", value:
"Core creation allows users to replace 'trusted' configset files with arbitrary configuration.");
script_set_attribute(attribute:"description", value:
"Solr instances that (1) use the 'FileSystemConfigSetService' component (the default in 'standalone' or 'user-managed'
mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation
wherein individual 'trusted' configset files can be ignored in favor of potentially-untrusted replacements available
elsewhere on the filesystem. These replacement config files are treated as 'trusted' and can use '<lib>' tags to
add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin.
This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by
enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from
'FileSystemConfigSetService'). Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue
by disabling use of '<lib>' tags by default.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1");
script_set_attribute(attribute:"solution", value:
"Upgrade to Apache Solr version 9.8.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-24814");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/01/27");
script_set_attribute(attribute:"patch_publication_date", value:"2025/01/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:solr");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("solr_detect.nbin");
script_require_keys("installed_sw/Apache Solr");
exit(0);
}
include('vcf.inc');
var app = 'Apache Solr';
var app_info = vcf::combined_get_app_info(app:app);
vcf::check_granularity(app_info:app_info, sig_segments:3);
var constraints = [
{ 'fixed_version' : '9.8.0' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation