Arbitrary File System Access in Telerik Document Processing Libraries
CVE-2024-11343

8.3HIGH

Key Information:

Vendor: Progress Software
Status: Telerik Document Processing Libraries
Vendor: CVE Published:; 12 February 2025

Summary

A security issue in Telerik Document Processing Libraries allows for arbitrary file system access when unzipping archives. This vulnerability can potentially allow unauthorized users to read or manipulate sensitive files within the system, creating serious security risks. It is essential for users of affected versions to update to the latest release to mitigate this risk.

Affected Version(s)

Telerik Document Processing Libraries 1.0.0 < 2025.1.205

References

https://docs.telerik.com/devtools/document-processing/kno...

vendor-advisory

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Nov 18, 2024