CVE-2024-11343

In Progress Telerik Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.3 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
ProgressSoftwareCNA
8.3 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
progresstelerik_document_processing_libraries
𝑥
< 2025.1.205
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343