Platform: dotnet
Component: telerik-document-processing
Fixed in: 2025.1.205
CVE-2024-11343 describes a Path Traversal vulnerability discovered in Progress® Telerik® Document Processing Libraries. This vulnerability allows an attacker to gain arbitrary file system access by crafting a malicious archive file. Versions affected are those prior to 2025 Q1 (2025.1.205). A fix is available in version 2025.1.205.
The core impact of CVE-2024-11343 lies in its ability to enable arbitrary file system access. An attacker can craft a specially designed archive file (e.g., ZIP) that, when processed by the vulnerable library, allows them to read files outside of the intended directory. This could expose sensitive data such as configuration files, source code, database connection strings, or even user credentials. The blast radius is significant, as any application utilizing the vulnerable library and processing user-supplied archives is potentially at risk. Successful exploitation could lead to complete system compromise, depending on the permissions of the process executing the library.
CVE-2024-11343 was publicly disclosed on February 12, 2025. As of this date, there is no indication of active exploitation in the wild. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code is not yet available, but the nature of Path Traversal vulnerabilities suggests that a PoC is likely to emerge.
Exploit Status
EPSS: 0.30% (53rd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-11343 is to upgrade to version 2025.1.205 or later. If immediate upgrading is not feasible, consider implementing stricter input validation on archive files before processing them. Specifically, sanitize filenames and paths within the archive to prevent traversal attempts. Web application firewalls (WAFs) configured to detect and block malicious file access patterns could provide an additional layer of defense. Monitor system logs for unusual file access activity, particularly attempts to access files outside of expected directories.
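As an added illustration of the "sanitize filenames and paths within the archive" mitigation, the following C# helper shows the general check that any archive extractor should make before writing an entry to disk. It is written for this page against System.IO.Compression; it is not Telerik's code and does not show the Telerik ZipLibrary API (which this page does not document). The class and method names (SafeExtractor, ResolveEntryPath, ExtractSafely) and the sample archive contents are constructed for the example.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.IO.Compression;

// Hypothetical helper written for this page; it does not reproduce Telerik's
// extraction code. The idea is the generic one: resolve each entry name
// against the destination root and refuse anything that lands outside it.
public static class SafeExtractor
{
    // Returns the canonical on-disk path for an archive entry, or null when the
    // entry would escape destinationRoot ("../x", "/etc/passwd", "C:\x").
    public static string? ResolveEntryPath(string destinationRoot, string entryName)
    {
        if (string.IsNullOrEmpty(entryName) || Path.IsPathRooted(entryName))
            return null;

        // Canonical root with a trailing separator so "/out" does not match "/outside".
        string root = Path.GetFullPath(destinationRoot);
        if (!root.EndsWith(Path.DirectorySeparatorChar))
            root += Path.DirectorySeparatorChar;

        // ZIP names use '/'; map to the local separator, then let GetFullPath
        // collapse any "." and ".." segments.
        string candidate = Path.GetFullPath(
            Path.Combine(root, entryName.Replace('/', Path.DirectorySeparatorChar)));

        // Case-insensitive comparison only where the file system is (Windows).
        StringComparison cmp = OperatingSystem.IsWindows()
            ? StringComparison.OrdinalIgnoreCase
            : StringComparison.Ordinal;

        return candidate.StartsWith(root, cmp) ? candidate : null;
    }

    // Extracts the entries that pass the check and returns the names of those
    // that were rejected, so the caller can log them as a traversal attempt.
    public static List<string> ExtractSafely(ZipArchive archive, string destinationRoot)
    {
        var rejected = new List<string>();
        foreach (ZipArchiveEntry entry in archive.Entries)
        {
            string? target = ResolveEntryPath(destinationRoot, entry.FullName);
            if (target is null)
            {
                rejected.Add(entry.FullName);
                continue;
            }
            if (entry.FullName.EndsWith('/'))   // directory entry: just create it
            {
                Directory.CreateDirectory(target);
                continue;
            }
            Directory.CreateDirectory(Path.GetDirectoryName(target)!);
            entry.ExtractToFile(target, overwrite: false);
        }
        return rejected;
    }

    // Demo: build a constructed in-memory archive containing one benign entry
    // and one traversal entry, then extract it into a temp directory.
    public static void Main()
    {
        using var zipBytes = new MemoryStream();
        using (var writer = new ZipArchive(zipBytes, ZipArchiveMode.Create, leaveOpen: true))
        {
            using (var w = new StreamWriter(writer.CreateEntry("docs/readme.txt").Open()))
                w.Write("benign");
            using (var w = new StreamWriter(writer.CreateEntry("../escape.txt").Open()))
                w.Write("must never reach the disk");
        }
        zipBytes.Position = 0;

        string dest = Path.Combine(Path.GetTempPath(), "safe-extract-demo");
        if (Directory.Exists(dest))
            Directory.Delete(dest, recursive: true);

        using var reader = new ZipArchive(zipBytes, ZipArchiveMode.Read);
        foreach (string name in ExtractSafely(reader, dest))
            Console.WriteLine($"rejected traversal entry: {name}");
    }
}
```

The check deliberately normalises the root with a trailing separator before the prefix comparison; without it, a destination of `/srv/out` would accept an entry resolving to `/srv/outside/...`. Rejected entry names are returned rather than silently skipped so that the calling application can log them, which is the "unusual file access activity" signal the mitigation paragraph recommends monitoring for.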
Update the Telerik Document Processing libraries to version 2025 Q1 (2025.1.205) or later. This resolves the path traversal vulnerability when decompressing archives. Download the latest version from the official Progress Software website or through the NuGet package manager.
CVE-2024-11343 is a Path Traversal vulnerability in Telerik Document Processing Libraries affecting versions prior to 2025.1.205. It allows attackers to read arbitrary files by crafting malicious archive files.
You are affected if you are using Telerik Document Processing Libraries versions 1.0.0–2024.4.1203 and have not upgraded to 2025.1.205 or later. Assess your usage of the library and upgrade accordingly.
Upgrade to version 2025.1.205 or later. If upgrading is not immediately possible, implement stricter input validation on archive files and consider WAF rules.
As of February 12, 2025, there is no indication of active exploitation in the wild, but the vulnerability's nature suggests potential for future exploitation.
Refer to the Progress® website and Telerik security advisories for the official details and updates regarding CVE-2024-11343.