Cyber Posture

CVE-2024-11343

High

Published: 12 February 2025

Modified: 20 February 2025
KEV Added
Patch
CVSS Score: 8.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0030 (53.4th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Description

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access.

Security Summary

CVE-2024-11343 is a path traversal vulnerability (CWE-22) in Progress Telerik Document Processing Libraries, affecting versions prior to 2025 Q1 (2025.1.205). The flaw occurs when unzipping an archive, enabling arbitrary file system access. It has a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L), indicating high severity due to its potential for significant data exposure and modification.

An attacker requires low privileges (PR:L) to exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation allows high confidentiality and integrity impacts, such as reading or overwriting arbitrary files on the file system, alongside low availability disruption.

The Telerik advisory at https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343 recommends upgrading to version 2025.1.205 or later to mitigate the issue.

Details

CWE(s)
CWE-22

Affected Products

Vendor: progress
Product: telerik document processing libraries
Version: ≤ 2025.1.205
