Address Telerik Document Processing Security Vulnerability
Environment
Product | Telerik Document Processing |
Product Version | Prior to 2025.1.205 |
Description
The February 2025 release of Telerik Document Processing resolves a couple of vulnerabilities:
The Telerik.Core.Export package consumes the Progress Telerik Document Processing Libraries. In versions prior to 2025 Q1 (2025.1.2xx), when .NET Standard 2.0 is used, the contents of a file at an arbitrary path can be exported to RTF.
Telerik UI for ASP.NET Core is NOT affected by the mentioned resolved vulnerabilities. This article exists only as a heads-up to customers who may be using Telerik Document Processing and/or Telerik.Core.Export in their Telerik UI for ASP.NET Core applications.
Solution
No action is required if:
- Your application does not explicitly reference Telerik Document Processing packages or the Telerik.Core.Export package.
- Your application is not using Telerik.Zip APIs directly.
- Your application is not importing an HTML file and exporting it to RTF format.
If your scenario is the opposite of the items listed above, then:
- Get familiar with the vulnerabilities, their impact, and resolutions.
- Upgrade Telerik Document Processing to version 2025.1.205 or later.
The issue has been addressed in the Progress Telerik Document Processing Libraries. The Progress Telerik team strongly recommends upgrading the Progress Telerik Document Processing Libraries, following the guidelines in the two Knowledge Base articles linked in the Description section, and upgrading the Telerik.Core.Export package to version 2025 Q1 (2025.1.211) or later.
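One way to check the first condition in the list above against a project file is the following added example (not Telerik code). It compares explicit package references with the fixed versions named in this article. The package ID prefixes used to recognise Document Processing packages, the function names, and the sample project file are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

DPL_FIXED = (2025, 1, 205)     # Document Processing fix version from this article
EXPORT_FIXED = (2025, 1, 211)  # Telerik.Core.Export fix version from this article
# Assumption: Document Processing packages are recognised by these ID prefixes.
DPL_PREFIXES = ("telerik.documents.", "telerik.zip")

# Constructed sample project file; the versions are illustrative only.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk.Web">
  <ItemGroup>
    <PackageReference Include="Telerik.UI.for.AspNet.Core" Version="2024.4.1112" />
    <PackageReference Include="Telerik.Documents.Flow" Version="2024.4.1106" />
    <PackageReference Include="Telerik.Zip" Version="2025.1.205" />
    <PackageReference Include="Telerik.Core.Export" Version="2025.1.205" />
    <PackageReference Include="Telerik.Documents.Core" Version="2025.*" />
  </ItemGroup>
</Project>"""

def required_version(package_id):
    """Return the minimum fixed version for a package, or None if out of scope."""
    pid = package_id.lower()
    if pid == "telerik.core.export":
        return EXPORT_FIXED
    if pid.startswith(DPL_PREFIXES):
        return DPL_FIXED
    return None

def audit_csproj(xml_text):
    """Return (package, version, status) for each in-scope PackageReference."""
    findings = []
    root = ET.fromstring(xml_text)
    # "{*}" matches both SDK-style projects and older namespaced project files.
    for ref in root.iterfind(".//{*}PackageReference"):
        pid = ref.get("Include") or ref.get("Update") or ""
        minimum = required_version(pid)
        if minimum is None:
            continue
        version = (ref.get("Version") or ref.findtext("{*}Version") or "").strip()
        # Wildcards, ranges, pre-release tags, and versions set elsewhere
        # (for example central package management) need a manual look.
        if not re.fullmatch(r"\d+(\.\d+){0,3}", version):
            findings.append((pid, version, "review"))
            continue
        parts = (tuple(int(p) for p in version.split(".")) + (0, 0, 0))[:3]
        findings.append((pid, version, "ok" if parts >= minimum else "upgrade"))
    return findings

if __name__ == "__main__":
    for finding in audit_csproj(SAMPLE_CSPROJ):
        print(finding)
```

This only sees references declared in the project file. Packages pulled in transitively can be listed with `dotnet list package --include-transitive` and checked against the same versions.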