File Export Vulnerability in Progress Telerik Document Processing Libraries
CVE-2024-11629

6.5MEDIUM

Key Information:

Vendor: Progress Software
Status: Progress® Telerik® Document Processing Libraries
Vendor: CVE Published:; 12 February 2025

Summary

The Progress Telerik Document Processing Libraries before version 2025 Q1 (2025.1.205) contain a vulnerability that allows unauthorized file content export to RTF format from an arbitrary file path. This issue poses a significant risk as it can potentially expose sensitive data to unauthorized users. Organizations utilizing these libraries need to update to the latest version to mitigate these risks and secure their document processing capabilities.

Affected Version(s)

Progress® Telerik® Document Processing Libraries .NET Standard 2.0 1.0.0 < 2025.1.205

References

https://docs.telerik.com/devtools/document-processing/kno...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Nov 22, 2024