CVE-2024-11343
📋 TL;DR
This vulnerability in Progress Telerik Document Processing Libraries allows attackers to perform path traversal attacks when processing ZIP archives, potentially leading to arbitrary file system access. It affects applications using these libraries to handle ZIP files, particularly those that accept user-uploaded archives. The vulnerability enables writing files outside intended directories.
💻 Affected Systems
- Progress Telerik Document Processing Libraries
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through arbitrary file write leading to remote code execution, data theft, or system destruction.
Likely Case
Unauthorized file system access allowing data exfiltration, file corruption, or planting malicious files for persistence.
If Mitigated
Limited impact if proper input validation and file system permissions restrict write access to sensitive locations.
🎯 Exploit Status
Exploitation requires the ability to upload or provide a malicious ZIP archive to the vulnerable application.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025 Q1 (2025.1.205) or later
Vendor Advisory: https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343
Restart Required: No
Instructions:
1. Update Telerik Document Processing Libraries to version 2025.1.205 or later.
2. Rebuild and redeploy applications using the updated libraries.
3. Test archive processing functionality.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement server-side validation that rejects ZIP archives whose entry names contain path traversal sequences before the archive is handed to the processing library.
Restrict File System Permissions
Configure the application to run with minimal file system write permissions and restrict extraction to an isolated directory that holds nothing else.
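A library-independent pre-check that implements both workarounds above, as an added example in Python (not Telerik's own code): it rejects any archive whose entry names would escape the extraction root, then extracts only under a designated directory with a second, filesystem-level containment check. The sample archive and all function names are constructed for this example.

```python
import io
import os
import posixpath
import zipfile

def entry_escapes_root(name: str) -> bool:
    """True if a ZIP entry name would resolve outside the extraction root."""
    # ZIP names should use '/', but Windows-built or crafted archives may carry '\'.
    normalized = name.replace("\\", "/")
    # Absolute paths and drive-letter prefixes (e.g. 'C:/') escape outright.
    if normalized.startswith("/") or (len(normalized) > 1 and normalized[1] == ":"):
        return True
    # Collapse '.' and '..' components, then see whether the result climbs upward.
    collapsed = posixpath.normpath(normalized)
    return collapsed == ".." or collapsed.startswith("../")

def unsafe_entries(zip_bytes: bytes) -> list:
    """Names of all entries in the archive that fail the traversal check."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if entry_escapes_root(i.filename)]

def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Reject the whole archive if any entry is unsafe, then extract under dest."""
    bad = unsafe_entries(zip_bytes)
    if bad:
        raise ValueError(f"archive rejected, traversal entries: {bad}")
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Defence in depth: confirm the resolved target still lies under root.
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"entry escapes extraction root: {info.filename}")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written

def build_sample_zip() -> bytes:
    """Constructed sample archive: one benign entry and two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("../../evil.txt", "outside the root")
        zf.writestr("C:\\Windows\\evil.dll", "absolute path")
    return buf.getvalue()
```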
🧯 If You Can't Patch
- Disable ZIP archive processing functionality if not essential
- Implement strict file extension validation and reject all ZIP uploads
🔍 How to Verify
Check if Vulnerable:
Check application dependencies for Telerik Document Processing Libraries version below 2025.1.205.
Check Version:
Check package manager (NuGet, npm, etc.) for Telerik.Documents.* package versions.
Verify Fix Applied:
Confirm Telerik Document Processing Libraries version is 2025.1.205 or higher in application dependencies.
📡 Detection & Monitoring
Log Indicators:
- Failed file write attempts outside expected directories
- Unusual archive processing errors
- Multiple failed ZIP upload attempts
Network Indicators:
- Large or unusual ZIP file uploads to archive processing endpoints
SIEM Query:
source="application_logs" AND ("path traversal" OR "../" OR "..\\") AND "zip"