CVE-2025-1385
Failed input validation in clickhouse-library-bridge API could lead to RCE under specific configuration
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits file uploads to specific directories, a misconfigured server can be exploited by an attacker with privileges to access both table engines to execute arbitrary code on the ClickHouse server. You can check whether your ClickHouse server is affected by inspecting the configuration file and confirming whether the following setting is enabled:

    <library_bridge>
        <port>9019</port>
    </library_bridge>
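As an added example (not part of the advisory or of ClickHouse's own tooling), the following Python script performs the two checks a defender would combine: whether a server config enables the library bridge, and whether the server version falls inside the affected ranges listed on this page. The config layout is assumed from the <library_bridge><port> snippet in the description, and the sample config and version strings are constructed for the example.

```python
# Added example: config and version check for CVE-2025-1385 (not from the advisory).
# Config layout is assumed from the <library_bridge><port> snippet in the description.
import xml.etree.ElementTree as ET

# Affected ranges from the page: lower bound inclusive, upper bound exclusive.
AFFECTED_RANGES = [
    ("24.3.0.0", "24.3.18.6"),
    ("24.8.0.0", "24.8.14.27"),
    ("24.11.0.0", "24.11.5.34"),
    ("24.12.0.0", "24.12.5.65"),
    ("25.1.0.0", "25.1.5.5"),
]


def parse_version(text):
    """Turn '24.8.14.27' into a comparable tuple of ints, padded to four parts."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def version_affected(version):
    """True if the server build falls inside any listed affected range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)


def library_bridge_port(config_xml):
    """Return the configured library-bridge port, or None if the feature is absent."""
    root = ET.fromstring(config_xml)
    port = root.find("./library_bridge/port")
    if port is None or not (port.text or "").strip():
        return None
    return int(port.text.strip())


def assess(config_xml, version):
    """Report whether the advisory's precondition (vulnerable build plus enabled bridge) holds.
    This is the necessary condition from the description, not proof of exploitability."""
    port = library_bridge_port(config_xml)
    vulnerable_build = version_affected(version)
    return {
        "library_bridge_port": port,
        "vulnerable_build": vulnerable_build,
        "precondition_met": vulnerable_build and port is not None,
    }


# Constructed sample config resembling the snippet quoted in the description.
SAMPLE_CONFIG = """<clickhouse>
  <library_bridge>
    <port>9019</port>
  </library_bridge>
</clickhouse>"""

if __name__ == "__main__":
    print(assess(SAMPLE_CONFIG, "24.8.10.1"))
```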
SSVC
- Decision: Track*
Timeline
- 2025-02-17 CVE Reserved
- 2025-03-20 CVE Published
- 2025-03-20 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-20: Improper Input Validation
CAPEC
- CAPEC-108: Command Line Execution through SQL Injection
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
ClickHouse | ClickHouse OSS | >= 24.3.0.0 < 24.3.18.6 | Affected
ClickHouse | ClickHouse OSS | >= 24.8.0.0 < 24.8.14.27 | Affected
ClickHouse | ClickHouse OSS | >= 24.11.0.0 < 24.11.5.34 | Affected
ClickHouse | ClickHouse OSS | >= 24.12.0.0 < 24.12.5.65 | Affected
ClickHouse | ClickHouse OSS | >= 25.1.0.0 < 25.1.5.5 | Affected