CVE-2024-52012
Published: 27 January 2025
Summary
CVE-2024-52012 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in Apache Solr. Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 5.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-52012 is a relative path traversal vulnerability, also known as ZipSlip, that affects the configset upload API in Apache Solr versions 6.6 through 9.7.0 when running on Windows. The flaw stems from insufficient input sanitization, allowing maliciously crafted ZIP archives to specify relative file paths that result in arbitrary writes outside the intended directory on the filesystem.
An attacker with access to the configset upload API can exploit the issue to write files to arbitrary locations on the Windows host. With a CVSS score of 5.4, the vulnerability requires low-privileged network access and can lead to limited impacts on confidentiality and integrity without affecting availability.
Apache Solr advisories recommend upgrading to version 9.8.0 to resolve the issue. Organizations unable to upgrade can mitigate exposure by enabling the Rule-Based Authentication Plugin to restrict the configset upload API to trusted administrators only. The associated EPSS score has remained essentially flat near 0.14 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-0133
Vulnerability details
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The CVE enables exploitation of the public-facing Solr upload API (T1190) for arbitrary file writes via a malicious ZIP, directly facilitating ingress of attacker-controlled files or tools (T1105).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) (AI)
SI-2 requires identifying, reporting, and correcting system flaws like the path traversal in Solr's configset upload API, directly enabling the recommended upgrade to version 9.8.0.
AC-6 enforces least privilege by restricting access to the vulnerable configset upload API to only trusted administrators, as recommended in the Apache advisory.
SI-10 mandates validation and sanitization of inputs like ZIP file paths to prevent relative path traversal attacks such as zipslip in the configset upload API.
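One way to apply the SI-10 style check described above, as an added example that is not Apache Solr's code or its 9.8.0 fix: it audits a ZIP's entry names under Windows path rules, where both `\` and `/` separate path components, before anything is extracted. The destination directory, the function names and the sample archive are constructed for this illustration.

```python
import io
import ntpath
import zipfile

# Hypothetical destination directory, used only for this example.
DEST = r"C:\solr\configsets\demo"


def escapes(name, dest=DEST, rules=ntpath):
    """True if entry `name`, joined to `dest`, resolves outside `dest`.

    `rules` is the path module to evaluate with: ntpath applies Windows
    semantics on any OS (backslash separators, drive letters, case folding).
    """
    base = rules.normcase(rules.normpath(dest))
    target = rules.normcase(rules.normpath(rules.join(base, name)))
    return target != base and not target.startswith(base + rules.sep)


def audit_zip(zip_bytes, dest=DEST):
    """Return the entry names that would be written outside `dest` on Windows."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # orig_filename is the raw stored name, before zipfile's own cleanup.
        return [i.orig_filename for i in zf.infolist()
                if escapes(i.orig_filename, dest)]


def build_sample():
    """Constructed archive: two benign entries and four traversal attempts."""
    names = [
        "conf/solrconfig.xml",                # benign
        "conf/../managed-schema",             # contains '..' but stays inside
        "..\\..\\outside-backslash.txt",      # backslash-separated traversal
        "../../outside-slash.txt",            # forward-slash traversal
        "conf\\..\\..\\outside-nested.txt",   # traversal after a valid prefix
        "D:\\outside-drive.txt",              # drive-qualified absolute path
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            info = zipfile.ZipInfo(n)
            info.filename = n  # keep separators exactly as constructed
            zf.writestr(info, b"constructed sample data")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in audit_zip(build_sample()):
        print("REJECT", entry)
```

The check resolves each name against the destination rather than searching for the substring `..`, so `conf/../managed-schema` is accepted while every entry that lands outside the directory is reported.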