Cyber Posture

CVE-2024-11343

High

Published: 12 February 2025
Modified: 20 February 2025
CVSS Score: 8.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0030 (53.5th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-11343 is a high-severity Path Traversal (CWE-22) vulnerability in Progress Telerik Document Processing Libraries. Its CVSS base score is 8.3 (High).

Operationally, it ranks in the top 46.5% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly mandates timely identification, reporting, and correction of the path traversal flaw in vulnerable Telerik Document Processing Libraries via vendor-provided patches.

prevent

Requires validation of information inputs such as archive file paths to block path traversal attempts enabling arbitrary file system access.

prevent, detect

Provides vulnerability scanning to identify deployments of vulnerable Telerik library versions and triggers remediation to prevent exploitation.

NVD Description

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access.

Deeper analysis [AI]

CVE-2024-11343 is a path traversal vulnerability (CWE-22) in Progress Telerik Document Processing Libraries, affecting versions prior to 2025 Q1 (2025.1.205). The flaw occurs when unzipping an archive, enabling arbitrary file system access. It has a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L), indicating high severity due to its potential for significant data exposure and modification.

An attacker requires low privileges (PR:L) to exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation allows high confidentiality and integrity impacts, such as reading or overwriting arbitrary files on the file system, alongside low availability disruption.

The Telerik advisory at https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343 recommends upgrading to version 2025.1.205 or later to mitigate the issue.
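
The input-validation control above (SI-10) calls for checking archive entry paths before extraction. The following is an added example, not Telerik's code and not the vendor fix: a Python screen that lists the entries of a zip whose names would land outside the extraction directory. The destination root /srv/extract, the function names and the sample entry names are assumptions constructed for illustration.

```python
import io
import posixpath
import re
import zipfile

# Constructed sample entry names; none come from the advisory.
SAMPLE_NAMES = [
    "report/summary.txt",          # benign
    "report/../notes.txt",         # benign: normalizes to a path inside the root
    "../../etc/placeholder.conf",  # climbs out with forward slashes
    "..\\..\\placeholder.ini",     # same, with Windows separators
    "/tmp/placeholder.txt",        # absolute path
    "C:/placeholder/file.txt",     # drive-qualified path
    "../extract-backup/file.txt",  # sibling directory sharing the root's prefix
]


def build_sample_archive():
    """Build the constructed test archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_NAMES:
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()


def unsafe_entries(zip_bytes, dest_dir="/srv/extract"):
    """Return (entry name, reason) for each entry that must not be extracted."""
    root = posixpath.normpath(dest_dir)
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Treat both separator styles alike, as a Windows extractor would.
            name = info.filename.replace("\\", "/")
            if name.startswith("/"):
                findings.append((info.filename, "absolute path"))
            elif re.match(r"[A-Za-z]:", name):
                findings.append((info.filename, "drive-qualified path"))
            else:
                resolved = posixpath.normpath(posixpath.join(root, name))
                # Compare against root + "/" so "/srv/extract-backup" is not
                # mistaken for a child of "/srv/extract".
                if resolved != root and not resolved.startswith(root + "/"):
                    findings.append((info.filename, "resolves outside destination"))
    return findings


if __name__ == "__main__":
    for entry, reason in unsafe_entries(build_sample_archive()):
        print(f"REJECT {entry!r}: {reason}")
```

An archive with any finding should be rejected whole rather than extracted with the flagged entries skipped.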

Details

CWE(s)

Affected Products

progress
telerik document processing libraries
≤ 2025.1.205

CVEs Like This One

CVE-2024-11629 - Same product: Progress Telerik Document Processing Libraries
CVE-2025-0332 - Same vendor: Progress
CVE-2026-3518 - Same vendor: Progress
CVE-2024-56132 - Same vendor: Progress
CVE-2024-56135 - Same vendor: Progress
CVE-2026-5174 - Same vendor: Progress
CVE-2025-13774 - Same vendor: Progress
CVE-2025-13447 - Same vendor: Progress
CVE-2026-4048 - Same vendor: Progress
CVE-2026-4670 - Same vendor: Progress
