Telerik 文档处理路径遍历漏洞

该路径遍历漏洞允许攻击者读取服务器上的任意文件，包括敏感信息、配置文件和源代码。攻击者可以利用此漏洞获取数据库凭据、API 密钥和其他敏感数据，从而进一步控制系统或窃取数据。此外，攻击者还可以利用此漏洞修改或删除服务器上的文件，导致系统崩溃或数据丢失。由于该漏洞无需身份验证即可利用，因此攻击面非常广阔，可能导致大规模数据泄露和系统破坏。

Applications that utilize the Telerik Document Processing Libraries to process user-supplied archive files are at risk. This includes web applications, desktop applications, and any other software that integrates with the library. Organizations using older, unpatched versions of the library, particularly those with limited patching cycles, are at higher risk.

• .NET / dotnet: Use Sysinternals Process Monitor to observe file access patterns when processing archives. Look for attempts to access files outside of the expected application directory.

Get-Process | Where-Object {$_.ProcessName -like '*Telerik*'} | Get-Process -Id $PID | ForEach-Object {
  Get-WinEvent -LogName Application -Filter "*[System[Provider[@Name='Microsoft-Windows-Sysinternals-ProcessMonitor']]]*"
}

• .NET / dotnet: Examine application logs for errors related to file access or archive processing. Look for exceptions indicating path traversal attempts. • .NET / dotnet: Review code that handles archive processing for potential vulnerabilities. Ensure proper path sanitization and validation are implemented. • .NET / dotnet: Windows Defender ATP can be configured to detect suspicious process behavior related to file access. Create a custom detection rule based on the known vulnerable library and file access patterns.

1. 2025-02-12Disclosure

   disclosure

1. 已保留2024-11-18
2. 发布日期2025-02-12
3. EPSS 更新日期2026-04-02

最有效的缓解措施是立即升级至 Progress Telerik Document Processing Libraries 2025.1.205 或更高版本。如果无法立即升级，可以考虑以下临时缓解措施：限制用户上传文件的类型和大小，实施严格的文件访问控制策略，并监控系统日志以检测可疑活动。此外，可以使用 Web 应用防火墙 (WAF) 来过滤恶意请求，并配置代理服务器来阻止对敏感文件的访问。升级后，请验证新版本是否已正确安装并配置，并确认漏洞已成功修复。