How severe is CVE-2021-25631?

CVE-2021-25631 has a CVSS v3 score of 8.8 (HIGH).

CVE-2021-25631

Name: libreoffice
Author: libreoffice

8.8HIGH

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist b

Published: 5/3/2021Updated: 11/21/2024

Description

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

AI AnalysisPowered by AI

Affected Products

libreofficelibreoffice

References

https://positive.security/blog/url-open-rce#open-libreoffice
ExploitThird Party Advisory
https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/
Vendor Advisory
https://positive.security/blog/url-open-rce#open-libreoffice
ExploitThird Party Advisory
https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/
Vendor Advisory