Apache Patches Two Serious Flaws in Solr Search Platform
The bugs can allow arbitrary path-write access and uploading of an arbitrary configset

Apache has released fixes for two serious vulnerabilities in the Solr open source search platform, both of which can allow an attacker to gain access to unauthorized portions of the platform.
CVEs: CVE-2024-52012 and CVE-2025-24814
Why It Matters: Solr is the Apache Software Foundation’s open-source search platform and it’s used by a long list of popular sites, including Netflix, Adobe, Instagram, Best Buy, eBay, and Ticketmaster. The platform is very widely deployed and each of the two vulnerabilities patched in Solr 9.8.0 enables an attacker to take unauthorized actions on the platform. One of the vulnerabilities is an arbitrary path write-access flaw and the other is a method for uploading an arbitrary, untrusted configuration file.
Key Details
CVE-2024-52012 affects Solr 6.6 through 9.7.0. “Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem,” the advisory says. “Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.”
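A pre-extraction check for the zipslip condition described in the advisory, given here as an added example (it is not Solr's code or its patch). The function names are hypothetical and the sample archive is constructed; the check treats both `/` and `\` as separators because Windows accepts either.

```python
import io
import ntpath
import posixpath
import zipfile


def unsafe_entry_reason(name):
    """Return why a ZIP entry name is unsafe to extract, or None if it is safe."""
    # A drive letter or UNC prefix ignores the extraction directory entirely.
    drive, _ = ntpath.splitdrive(name)
    if drive:
        return "drive or UNC prefix"
    # Treat "\" like "/" so Windows-style relative paths are not missed.
    unified = name.replace("\\", "/")
    if unified.startswith("/"):
        return "absolute path"
    # Resolve "." and ".." lexically; an escaping path keeps a leading "..".
    normalized = posixpath.normpath(unified)
    if normalized == ".." or normalized.startswith("../"):
        return "escapes target directory"
    return None


def audit_configset_zip(data):
    """Map each unsafe entry name in a ZIP (given as bytes) to its reason."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reason = unsafe_entry_reason(info.filename)
            if reason:
                findings[info.filename] = reason
    return findings


def build_sample_zip():
    """Constructed sample: two ordinary configset files, two traversal names."""
    names = ("conf/solrconfig.xml", "conf/lang/stopwords_en.txt",
             "..\\..\\outside.txt", "conf/../../outside2.txt")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in audit_configset_zip(build_sample_zip()).items():
        print(f"REJECT {entry!r}: {why}")
```

An archive with any finding should be rejected whole rather than extracted with the offending entries skipped.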
CVE-2025-24814 affects all versions of Solr through 9.7.0. “Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin,” the advisory says.
Users can mitigate CVE-2025-24814 by enabling authentication and authorization on their Solr clusters or by switching to SolrCloud.
What to Do Now: Upgrade to Solr 9.8.0 as soon as possible to prevent exploitation of these flaws.