Apache Solr, a widely used open-source search platform, is susceptible to a privilege escalation vulnerability that allows users to replace "trusted" configuration set (configset) files with arbitrary configurations. The vulnerability specifically affects systems that use the "FileSystemConfigSetService" component and have authentication and authorization disabled. Exploitation could lead to malicious code being loaded as a searchComponent or other plugin.

Exploit Details

A vulnerability has been discovered in the Apache Solr platform that introduces security risks for systems that use the "FileSystemConfigSetService" component (which is the default in "standalone" or "user-managed" mode) and do not utilize authentication and authorization features. When this vulnerability is exploited, "trusted" configset files can be replaced with potentially malicious ones that can be sourced elsewhere in the filesystem. Attackers could then leverage these replaced config files to add code to Solr's classpath, ultimately leading to the loading of malicious searchComponents or other plugins.

For example, if an attacker manages to replace the "trusted" configset files, the malicious replacement configuration might look like this:

<config>
  ...
  <lib dir="/path/to/attacker/malicious/code/" regex=".*\.jar" />
  ...
  <searchComponent class="com.attacker.malicious.code.ExecutionComponent" name="maliciousComponent">
    ...
  </searchComponent>
  ...
</config>

This code snippet illustrates how an attacker could potentially add code to Solr's classpath via the <lib> tag and then use the maliciously-loaded component for further exploitation.

Affected Versions and Mitigation

This vulnerability affects all Apache Solr versions up to and including version 9.7. Users are strongly advised to protect against the vulnerability by taking the following steps:

1. Enable authentication and authorization on Solr clusters. For detailed instructions on how to do this, refer to the official Solr security guide.
2. Switch to SolrCloud mode, thereby moving away from the "FileSystemConfigSetService" component. This official Solr guide provides a tutorial on how to set up a SolrCloud cluster.
3. Upgrade to Apache Solr version 9.8, which mitigates this issue by disabling the use of the <lib> tag by default.
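
To check existing configsets for the pattern shown in the snippet above, the following audit script flags <lib> directives that load jars from unexpected locations and plugin classes outside Solr's own packages. It is an added example, not code from the Solr project or the advisory; the allowed directories under /opt/solr, the function names and the sample documents are assumptions constructed for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET

# Assumption: jar directories this deployment legitimately loads from.
ALLOWED_LIB_ROOTS = ("/opt/solr/modules", "/opt/solr/lib")
SOLR_CLASS_PREFIXES = ("solr.", "org.apache.solr.")

def under_allowed_root(path, roots):
    norm = posixpath.normpath(path)  # collapse ../ so traversal cannot hide
    return any(norm == r or norm.startswith(r + "/") for r in roots)

def audit_solrconfig(xml_text, roots=ALLOWED_LIB_ROOTS):
    """Return (kind, detail) findings for one solrconfig.xml document."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag == "lib":
            # <lib> takes either dir (+ regex) or path
            target = el.get("dir") or el.get("path") or ""
            if "${" in target or not target.startswith("/"):
                # property substitution or relative path: needs manual review
                findings.append(("lib-unresolved", target))
            elif not under_allowed_root(target, roots):
                findings.append(("lib-outside-allowed-roots", target))
        elif el.get("class") and not el.get("class").startswith(SOLR_CLASS_PREFIXES):
            findings.append(("non-solr-plugin-class", el.get("class")))
    return findings

# Constructed sample modelled on the replaced configset shown earlier.
SAMPLE_SUSPECT = """<config>
  <lib dir="/path/to/attacker/malicious/code/" regex=".*\\.jar" />
  <lib dir="/opt/solr/modules/../../../tmp/jars" regex=".*\\.jar" />
  <lib dir="${solr.install.dir:../../..}/modules/ltr/lib" regex=".*\\.jar" />
  <searchComponent class="com.attacker.malicious.code.ExecutionComponent" name="maliciousComponent"/>
</config>"""

# Constructed sample of a configset that passes the audit.
SAMPLE_CLEAN = """<config>
  <lib dir="/opt/solr/modules/extraction/lib" regex=".*\\.jar" />
  <requestHandler name="/select" class="solr.SearchHandler"/>
</config>"""

if __name__ == "__main__":
    for kind, detail in audit_solrconfig(SAMPLE_SUSPECT):
        print(f"{kind}: {detail}")
```

Running it over every solrconfig.xml under the Solr home before upgrading also shows which cores depend on <lib> and will need attention once the tag is disabled by default.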

Original References

- Apache Solr CVE-2025-24814 Advisory
- Apache Solr Security Guide
- Apache SolrCloud Tutorial

Conclusion

This vulnerability (CVE-2025-24814) in Apache Solr serves as an important reminder to users to enable authentication and authorization and to be vigilant with their configuration settings. By taking the appropriate steps to mitigate the risk, users can protect their Solr instances and ensure their systems remain secure.

Timeline

Published on: 01/27/2025 09:15:14 UTC
Last modified on: 02/15/2025 01:15:11 UTC