Cyber Resilience

CVE-2024-52012

Medium

Published: 27 January 2025

Modified: 27 June 2025
KEV Added:
Patch:
CVSS Score v3.1: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
EPSS Score: 0.1371 (94.4th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-52012 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in Apache Solr. Its CVSS base score is 5.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 5.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-52012 is a relative path traversal vulnerability, also known as ZipSlip, that affects the configset upload API in Apache Solr versions 6.6 through 9.7.0 when running on Windows. The flaw stems from insufficient input sanitization, allowing maliciously crafted ZIP archives to specify relative file paths that result in arbitrary writes outside the intended directory on the filesystem.

An attacker with access to the configset upload API can exploit the issue to write files to arbitrary locations on the Windows host. With a CVSS score of 5.4, the vulnerability requires low-privileged network access and can lead to limited impacts on confidentiality and integrity without affecting availability.

Apache Solr advisories recommend upgrading to version 9.8.0 to resolve the issue. Organizations unable to upgrade can mitigate exposure by enabling the Rule-Based Authentication Plugin to restrict the configset upload API to trusted administrators only. The associated EPSS score has remained essentially flat near 0.14 with no material increase after disclosure.
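
The containment check that this class of flaw calls for, as an added Python example (not Apache Solr's code or its fix): each ZIP entry name is resolved against the destination with Windows path rules via `ntpath`, so backslash and drive-letter names are evaluated the way a Windows host would treat them. The destination path, function names and sample archive are constructed for illustration.

```python
import io
import ntpath
import zipfile

# Hypothetical extraction root, used only to evaluate containment.
DEST = r"C:\solr\upload"

def escapes_dest(entry_name, dest=DEST):
    """True if entry_name resolves outside dest under Windows path rules."""
    root = ntpath.normcase(ntpath.normpath(dest))
    # ntpath treats both "/" and "\" as separators and honours drive letters,
    # so join() discards dest entirely for "D:\x" or "\x" style names.
    resolved = ntpath.normcase(ntpath.normpath(ntpath.join(root, entry_name)))
    return resolved != root and not resolved.startswith(root + "\\")

def unsafe_entries(zip_bytes, dest=DEST):
    """Return raw entry names in the archive that would be written outside dest."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.orig_filename for i in zf.infolist()
                if escapes_dest(i.orig_filename, dest)]

def build_sample():
    """Constructed sample archive: two ordinary entries and three escaping ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("conf/solrconfig.xml", "conf/lang/../stopwords.txt",
                     "../../outside.txt", "conf\\..\\..\\outside.txt",
                     "D:/elsewhere/outside.txt"):
            zf.writestr(name, b"constructed sample data")
    return buf.getvalue()

if __name__ == "__main__":
    for name in unsafe_entries(build_sample()):
        print("rejected:", name)
```

A check written with POSIX path rules would treat `conf\..\..\outside.txt` as a single file name, which is why the evaluation here uses `ntpath` regardless of the platform the check runs on.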

Vulnerability details

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1105 Ingress Tool Transfer (Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.

Why these techniques?

The CVE enables exploitation of a public-facing Solr upload API (T1190) to write arbitrary files via a malicious ZIP, which directly facilitates ingress of attacker-controlled files or tools (T1105).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-22022 (Same product: Apache Solr)
CVE-2026-22444 (Same product: Apache Solr)
CVE-2026-44825 (Same product: Apache Solr)
CVE-2025-27553 (Same vendor: Apache)
CVE-2026-46586 (Same vendor: Apache)
CVE-2026-41873 (Same vendor: Apache)
CVE-2025-24783 (Same vendor: Apache)
CVE-2024-53678 (Same vendor: Apache)
CVE-2026-34059 (Same vendor: Apache)
CVE-2026-40961 (Same vendor: Apache)

Affected Assets

apache solr: 6.6.0 — 9.8.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: SI-2 requires identifying, reporting, and correcting system flaws like the path traversal in Solr's configset upload API, directly enabling the recommended upgrade to version 9.8.0.

Prevent: AC-6 enforces least privilege by restricting access to the vulnerable configset upload API to only trusted administrators, as recommended in the Apache advisory.

Prevent: SI-10 mandates validation and sanitization of inputs like ZIP file paths to prevent relative path traversal attacks such as zipslip in the configset upload API.
