CVE-2024-52012 in Solr
Summary
by MITRE • 01/27/2025
Relative Path Traversal vulnerability in Apache Solr.
Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0.
Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.
Analysis
by VulDB Data Team • 02/11/2026
Apache Solr versions 6.6 through 9.7.0 contain a critical relative path traversal vulnerability that specifically impacts Windows installations and allows for arbitrary filesystem write operations. This vulnerability stems from insufficient input validation within the configset upload API, which processes ZIP archives containing configuration data for Solr collections. The flaw enables attackers to craft malicious ZIP files that exploit the zip slip vulnerability pattern, where relative path references in archive entries can traverse directory structures and write files to unintended locations on the target system. This type of vulnerability falls under CWE-22, which specifically addresses path traversal flaws that allow attackers to access files and directories outside the intended scope.
The security implications are particularly severe on Windows systems where the vulnerability can be exploited to write malicious files to system directories, potentially leading to privilege escalation or persistent backdoors. The attack vector requires an authenticated user with access to the configset upload API, making the vulnerability particularly dangerous in environments where administrative privileges are not properly restricted. The exploitation process involves creating a specially crafted ZIP archive with entries that contain ../ sequences in their paths, allowing the archive extraction to write files outside the intended destination directory.
This vulnerability directly maps to attack techniques described in the MITRE ATT&CK framework under T1059 for execution and T1078 for valid accounts, as it leverages legitimate administrative functionality to achieve unauthorized file system access. Organizations running affected Solr versions face significant risk of remote code execution or data compromise if attackers can gain access to the configset upload API.
The vulnerability affects the core configuration management functionality of Solr, making it a critical target for exploitation in environments where Solr is exposed to untrusted users or networks. The root cause lies in the lack of proper path validation during ZIP archive extraction processes, which should enforce strict boundaries on file placement to prevent directory traversal attacks. This issue represents a fundamental flaw in how Solr handles external configuration data, where the system fails to sanitize file paths before writing extracted content to disk. The impact extends beyond simple file system manipulation as it can enable attackers to overwrite critical system files, install malicious software, or establish persistence mechanisms within the Solr environment. The vulnerability affects not just individual Solr instances but entire infrastructure deployments where Solr serves as a central configuration management system for multiple applications or services.
The recommended mitigation strategy involves upgrading to Apache Solr version 9.8.0, which implements proper input validation and path sanitization measures to prevent the exploitation of relative path traversal attacks. Organizations unable to perform immediate upgrades can implement temporary protections by leveraging Solr's Rule-Based Authentication Plugin to restrict access to the vulnerable configset upload API, ensuring that only trusted administrators can utilize this functionality. This approach aligns with the principle of least privilege and provides an effective defense-in-depth measure while maintaining operational continuity.
The vulnerability demonstrates the critical importance of input validation in web applications and highlights the potential for seemingly benign functionality to become a gateway for serious security compromises when proper sanitization measures are not implemented.
Security teams should prioritize patching this vulnerability as it represents a direct path to system compromise and can be exploited without requiring advanced technical skills or extensive reconnaissance.
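The path validation the analysis says extraction should enforce can also be applied as a pre-upload check on a configset ZIP. The script below is an added example, not Solr's code and not the 9.8.0 fix; the function names and sample entry names are constructed for illustration. It treats both `/` and `\` as separators because Windows accepts both.

```python
import io
import ntpath
import posixpath
import zipfile

# Constructed sample entry names (not taken from any real archive).
SAMPLE_NAMES = [
    "solrconfig.xml",
    "lang/stopwords_en.txt",
    "conf/../managed-schema",        # resolves inside the root: allowed
    "../outside.txt",                # climbs out with forward slashes
    "lang\\..\\..\\outside.txt",     # climbs out with Windows separators
    "C:\\outside.txt",               # drive-qualified, ignores the root
]


def escapes_root(entry_name: str) -> bool:
    """Return True if the entry would resolve outside the extraction root
    under Windows or POSIX path rules."""
    # Windows accepts both '\' and '/' as separators, so unify them first.
    unified = entry_name.replace("\\", "/")
    # Absolute, UNC and drive-qualified names are not relative to the root.
    drive, _ = ntpath.splitdrive(entry_name)
    if drive or unified.startswith("/"):
        return True
    # Collapse '.' and '..'; a result that still starts with '..' escapes.
    normalised = posixpath.normpath(unified)
    return normalised == ".." or normalised.startswith("../")


def audit_configset_zip(data: bytes) -> list[str]:
    """List the entry names in a ZIP (given as bytes) that escape the root."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [name for name in zf.namelist() if escapes_root(name)]


def build_sample_zip() -> bytes:
    """Build the constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_NAMES:
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    for name in audit_configset_zip(build_sample_zip()):
        print("REJECT", repr(name))
```

A non-empty result means the archive should be rejected before it reaches the configset upload API.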