CVE-2024-11343
Published: 12 February 2025
Summary
CVE-2024-11343 is a high-severity Path Traversal (CWE-22) vulnerability in Progress Telerik Document Processing Libraries. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 46.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-11343 is a path traversal vulnerability (CWE-22) in Progress Telerik Document Processing Libraries, affecting versions prior to 2025 Q1 (2025.1.205). The flaw occurs when unzipping an archive, enabling arbitrary file system access. It has a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L), indicating high severity due to its potential for significant data exposure and modification.
An attacker requires low privileges (PR:L) to exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation allows high confidentiality and integrity impacts, such as reading or overwriting arbitrary files on the file system, alongside low availability disruption.
The Telerik advisory at https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343 recommends upgrading to version 2025.1.205 or later to mitigate the issue.
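The flaw class described above is an archive entry name that escapes the extraction directory. The following is an added Python illustration of the input validation the page's SI-10 control calls for (it is not Telerik code and does not reproduce the library's internals): each entry name is joined to the destination, resolved, and accepted only if the result still lies under the destination. The sample archive is constructed inline and contains one benign entry and two escaping ones.

```python
import io
import tempfile
import zipfile
from pathlib import Path

def build_sample_zip():
    """Constructed sample: one benign entry plus two that try to escape dest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.txt", "benign content")
        zf.writestr("../outside.txt", "must never be written")
        zf.writestr("/abs/path.txt", "absolute entry name")
    return buf.getvalue()

def is_safe_member(dest, name):
    """Accept an entry only if its name, joined to dest, resolves inside dest."""
    if name.startswith(("/", "\\")) or ":" in name.split("/")[0]:
        return False  # absolute or drive-qualified entry name
    try:
        (dest / name).resolve().relative_to(dest.resolve())
    except ValueError:
        return False  # resolved outside dest, e.g. via "../" segments
    return True

def safe_extract(zip_bytes, dest):
    """Extract only entries that stay under dest; return (written, rejected)."""
    dest = Path(dest).resolve()
    dest.mkdir(parents=True, exist_ok=True)
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(dest, info.filename):
                rejected.append(info.filename)  # record and skip the entry
                continue
            target = dest / info.filename
            target.parent.mkdir(parents=True, exist_ok=True)
            if not info.is_dir():
                target.write_bytes(zf.read(info))
            written.append(info.filename)
    return written, rejected

def demo():
    """Run the sample archive through safe_extract in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp) / "out"
        written, rejected = safe_extract(build_sample_zip(), out)
        escaped = (Path(tmp) / "outside.txt").exists()
    return written, rejected, escaped
```

Rejected entries are recorded rather than silently dropped so that an extraction log can surface traversal attempts to detection tooling.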
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4578
Vulnerability details
In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access.
- CWE(s): CWE-22 (Path Traversal)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal during archive extraction directly enables arbitrary local file read (T1005) and write (T1105 for tool drop, T1565.001 for stored data overwrite).
Mitigating Controls (NIST 800-53 r5)
- Directly mandates timely identification, reporting, and correction of the path traversal flaw in vulnerable Telerik Document Processing Libraries via vendor-provided patches.
- Requires validation of information inputs, such as archive entry paths, to block path traversal attempts that enable arbitrary file system access.
- Provides vulnerability scanning to identify deployments of vulnerable Telerik library versions and triggers remediation to prevent exploitation.