https://connect.hyland.com/t5/alfresco-forum/cve-2025-24814-solr-vulnerability/m-p/496234#M40756 <P>Hi Community,</P><P>Has Hyland or the Alfresco community reviewed whether <STRONG>Alfresco Search Service</STRONG> is vulnerable to <STRONG>Solr CVE-2025-24814</STRONG>, particularly for <STRONG>Alfresco Search Service&nbsp;2.0.x</STRONG>?</P><P>If there are any findings, advisories, or recommended mitigations, could you please share them or point to the relevant references?<BR /><BR /><A href="https://nvd.nist.gov/vuln/detail/CVE-2025-24814" target="_self">https://nvd.nist.gov/vuln/detail/CVE-2025-24814</A></P> Mon, 09 Feb 2026 07:53:08 GMT bharath 2026-02-09T07:53:08Z https://connect.hyland.com/t5/alfresco-forum/cve-2025-24814-solr-vulnerability/m-p/496234#M40756 <P>Hi Community,</P><P>Has Hyland or the Alfresco community reviewed whether <STRONG>Alfresco Search Service</STRONG> is vulnerable to <STRONG>Solr CVE-2025-24814</STRONG>, particularly for <STRONG>Alfresco Search Service&nbsp;2.0.x</STRONG>?</P><P>If there are any findings, advisories, or recommended mitigations, could you please share them or point to the relevant references?<BR /><BR /><A href="https://nvd.nist.gov/vuln/detail/CVE-2025-24814" target="_self">https://nvd.nist.gov/vuln/detail/CVE-2025-24814</A></P> Mon, 09 Feb 2026 07:53:08 GMT https://connect.hyland.com/t5/alfresco-forum/cve-2025-24814-solr-vulnerability/m-p/496234#M40756 bharath 2026-02-09T07:53:08Z https://connect.hyland.com/t5/alfresco-forum/cve-2025-24814-solr-vulnerability/m-p/496272#M40758 <P>Following the <A href="https://support.hyland.com/r/Alfresco/Alfresco-Search-Services/2.0/Alfresco-Search-Services/Install/Installation-options" target="_blank" rel="noopener">documented installation</A> practices for Alfresco Search Services mitigates CVE-2025-24814 because the vulnerability only applies to unauthenticated Apache Solr deployments.</P> <P>Alfresco Search Services runs Apache Solr in a secured mode by default, with authentication and encrypted communication enabled between the repository and Solr. This prevents unauthenticated access to Solr admin APIs and the filesystem-based configset mechanism that CVE-2025-24814 relies on.</P> <P>In that context, the CVE has been classified as a false positive for Alfresco deployments that follow recommended practices.</P> Tue, 10 Feb 2026 06:58:29 GMT https://connect.hyland.com/t5/alfresco-forum/cve-2025-24814-solr-vulnerability/m-p/496272#M40758 angelborroy 2026-02-10T06:58:29Z https://connect.hyland.com/t5/alfresco-forum/cve-2025-24814-solr-vulnerability/m-p/496302#M40759 <P>Thank you for sharing the solution. I truly appreciate your guidance and support.</P> Wed, 11 Feb 2026 03:21:57 GMT https://connect.hyland.com/t5/alfresco-forum/cve-2025-24814-solr-vulnerability/m-p/496302#M40759 bharath 2026-02-11T03:21:57Z