Wind River Support Network

Description

Core creation allows users to replace trusted configset files with arbitrary configuration Solr instances that (1) use the FileSystemConfigSetService component (the default in standalone or user-managed mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual trusted configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem.  These replacement config files are treated as trusted and can use <lib> tags to add to Solr\'s classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7.  Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from FileSystemConfigSetService).  Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of <lib> tags by default.

Find out more about CVE-2025-24814 from the MITRE-CVE dictionary and NIST NVD

---

Products Affected

Login may be required to access defects or downloads.

Related Products

Notes
Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.