Hello, I’m trying to understand the impact of CVE-2025-24970 <https://nvd.nist.gov/vuln/detail/CVE-2025-24970>, which appears to be related to Netty. I couldn't find any mention of this CVE in the official Solr security page, it's neither listed under exploitable nor in not-exploitable vulnerabilities.
>From my initial investigation, it seems this vulnerability comes via ZooKeeper, and it seems to be addressed recently in the ZooKeeper project as part of ZOOKEEPER-4897 <https://issues.apache.org/jira/browse/ZOOKEEPER-4897>. Could someone help clarify the following: - Does this CVE affect Solr, in either standalone or cloud mode? - Is there any ongoing effort to update this dependency in Solr to include this fix? - I couldn't find any relevant Jira issue on the Solr board, is there already a ticket open, or would it make sense to create one? Any guidance would be greatly appreciated! Thank you Vijay
