Apache Solr, ConfigSet Privilege Escalation, CVE-2025-24814 (Critical)

By /

Listen to this Post

How the CVE Works

CVE-2025-24814 exploits a misconfiguration in Apache Solr’s FileSystemConfigSetService, the default component in standalone or user-managed mode. Unauthenticated attackers can replace “trusted” configset files with malicious ones, leveraging `` tags to inject arbitrary code into Solr’s classpath. This allows loading rogue plugins (e.g., searchComponents) for remote code execution. The vulnerability affects all versions up to Solr 9.7. Mitigation requires enabling authentication, switching to SolrCloud, or upgrading to Solr 9.8.0, which disables `` tags by default.

DailyCVE Form

Platform: Apache Solr
Version: ≤ 9.7
Vulnerability: ConfigSet hijacking
Severity: Critical
Date: 06/25/2025

Prediction: Patch expected 07/15/2025

What Undercode Say

Analytics:

solrctl --check-configset
grep -r "<lib>" /var/solr/configsets
curl -X POST "http://<solr-host>:8983/solr/admin/cores?action=CREATE&name=exploit&configSet=malicious"

Exploit:

1. Upload malicious configset via filesystem access.

2. Trigger core creation referencing the rogue configset.

3. `` loads attacker-controlled JARs.

Protection from this CVE

  • Enable Solr authentication/authorization.
  • Migrate to SolrCloud mode.
  • Upgrade to Solr 9.8.0+.

Impact:

Remote code execution, full system compromise.

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Scroll to Top