How severe is CVE-2021-25631?

CVE-2021-25631 has a CVSS v3 score of 8.8 (HIGH).

CVE-2021-25631

Name: libreoffice
Author: libreoffice

8.8HIGH

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist b

Publicado: 5/3/2021Actualizado: 11/21/2024

Descripción

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

Análisis IAImpulsado por IA

Productos Afectados

libreofficelibreoffice

Referencias

https://positive.security/blog/url-open-rce#open-libreoffice
ExploitThird Party Advisory
https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/
Vendor Advisory
https://positive.security/blog/url-open-rce#open-libreoffice
ExploitThird Party Advisory
https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/
Vendor Advisory