Hyland Connect

bharath · ‎02-09-2026

Hi Community,

Has Hyland or the Alfresco community reviewed whether Alfresco Search Service is vulnerable to Solr CVE-2025-24814, particularly for Alfresco Search Service 2.0.x?

If there are any findings, advisories, or recommended mitigations, could you please share them or point to the relevant references?

https://nvd.nist.gov/vuln/detail/CVE-2025-24814

angelborroy · ‎02-10-2026

Following the documented installation practices for Alfresco Search Services mitigates CVE-2025-24814 because the vulnerability only applies to unauthenticated Apache Solr deployments.

Alfresco Search Services runs Apache Solr in a secured mode by default, with authentication and encrypted communication enabled between the repository and Solr. This prevents unauthenticated access to Solr admin APIs and the filesystem-based configset mechanism that CVE-2025-24814 relies on.

In that context, the CVE has been classified as a false positive for Alfresco deployments that follow recommended practices.

Hyland Developer Evangelist

View answer in original post

angelborroy · ‎02-10-2026

Following the documented installation practices for Alfresco Search Services mitigates CVE-2025-24814 because the vulnerability only applies to unauthenticated Apache Solr deployments.

Alfresco Search Services runs Apache Solr in a secured mode by default, with authentication and encrypted communication enabled between the repository and Solr. This prevents unauthenticated access to Solr admin APIs and the filesystem-based configset mechanism that CVE-2025-24814 relies on.

In that context, the CVE has been classified as a false positive for Alfresco deployments that follow recommended practices.

Hyland Developer Evangelist

bharath · ‎02-10-2026

Thank you for sharing the solution. I truly appreciate your guidance and support.

Hyland Connect

CVE-2025-24814 Solr Vulnerability