Overview
Apache Solr is an open-source search platform built on Apache Lucene, designed for scalable, high-performance search and indexing. It supports full-text search, faceted search, real-time indexing, distributed searching, and high availability. Solr is widely used in applications requiring fast and efficient search capabilities, such as e-commerce, enterprise search, and log analytics.
A Remote Code Execution (RCE) vulnerability (CVE-2025-24814) has been identified in the FileSystemConfigSetService component. This vulnerability allows attackers to load malicious code as a plugin.
Per the Open Web Application Security Project (OWASP): "Code Injection occurs when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization."
This issue affects versions below 9.8.0
Details
Module Info
- Product: Apache Solr
- Affected packages: solr-core
- Affected versions: <9.8.0
- GitHub repository: https://github.com/apache/solr
- Published packages: https://central.sonatype.com/artifact/org.apache.solr/solr-core
- Package manager: Maven
- Fixed in: NES for Solr v8.11.5
Vulnerability Info
A security vulnerability has been identified in Apache Solr versions up to 9.7, allowing unauthorized configuration changes in certain deployment scenarios. Specifically, instances running in "standalone" or "user-managed" mode without authentication and authorization enabled are at risk. The flaw permits attackers to replace trusted configuration files with arbitrary versions, leading to the execution of potentially malicious code. By exploiting the <lib> directive in solrconfig.xml, an attacker could introduce unauthorized JAR files into Solr’s classpath, enabling remote code execution through custom plugins or components.
To mitigate this risk, users should ensure authentication and authorization are enabled or transition to SolrCloud, which does not rely on the vulnerable FileSystemConfigSetService component. Additionally, upgrading to Solr 9.8.0 is strongly recommended, as this version removes support for the <lib> directive by default, closing the attack vector. Alternative, more secure methods for managing custom JAR files include adding them directly to Solr’s classpath or utilizing the package management system.
Credit
- pwn null
Mitigation
Apache Solr versions below or equal to 8.11.4 are no longer community-supported. The community support version will not receive any updates to address this issue. For more information, see here.
Users of the affected components should apply one of the following mitigations:
- Upgrade Apache Solr to >=9.8.0
- Leverage a commercial support partner like HeroDevs for post-EOL security support.