FlagThis

A critical relative path traversal vulnerability (CVE-2024-52012) in Apache Solr for Windows allows arbitrary file path write access via the ‘configset upload’ API. Additionally, a medium severity vulnerability (CVE-2025-24814) allows users to replace trusted configset files with arbitrary configurations. These flaws require immediate patching to prevent attackers from writing or altering files on the system. Organizations need to prioritize patching their Apache Solr instances. The lack of input sanitization and insecure file handling exposes significant security risks.

ImgSrc: securityonline.info

References:

• GBHackers Security | #1 Globally Trusted Cyber Security News Platform - Apache Solr For Windows instances Vulnerability Allows Arbitrary Path Write-Access - 3d
• Open Source Security - Posted by Jason Gerlowski on Jan 26 Severity: moderate Affected versions: - Apache Solr 6.6 through 9.7.0 Description: Relative Path Traversal vulnerability in Apache Solr. Solr instances running on W - 3d
• socca.tech - Vulnerability Report: CVE-2024-52012 – Apache Solr Relative Path Traversal Vulnerability Overview CVE Identifier: CVE-2024-52012 Affected Software: Apache Solr Affected Versions: From 6.6 throu - 3d
• gbhackers.com - Apache Solr For Windows instances Vulnerability Allows Arbitrary Path Write-Access - 3d
• Vulnerability Archives ? Cybersecurity News - Apache Solr Vulnerabilities CVE-2024-52012 and CVE-2025-24814 Expose Systems to File Write and Code Execution Risks - 2d
• securityonline.info - Apache Solr Vulnerabilities CVE-2024-52012 and CVE-2025-24814 Expose Systems to File Write and Code Execution Risks - 2d
• socca.tech - CVE-2025-24814: (Apache Solr: Medium) - 1d

Classification:

• HashTags: Apache Solr Vulnerability
• Company: Apache
• Target: Apache Solr Instances
• Product: Solr
• Feature: Arbitrary Path Write
• Type: Vulnerability
• Severity: Major