Telerik Document Processing RTF Export of Arbitrary File Path
CVE-2024-11629

7.1HIGH

Key Information:

Vendor: Progress Software
Status: Progress® Telerik® Document Processing Libraries
Vendor: CVE Published:; 12 February 2025

Summary

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF.

Affected Version(s)

Progress® Telerik® Document Processing Libraries .NET Standard 2.0 1.0.0 < 2025.1.205

References

https://docs.telerik.com/devtools/document-processing/kno...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Nov 22, 2024