How severe is CVE-2021-25631?

CVE-2021-25631 has a CVSS v3 score of 8.8 (HIGH).

CVE-2021-25631

Name: libreoffice
Author: libreoffice

8.8HIGH

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist b

发布于: 5/3/2021更新于: 11/21/2024

描述

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

AI分析AI驱动

受影响产品

libreofficelibreoffice

参考资料

https://positive.security/blog/url-open-rce#open-libreoffice
ExploitThird Party Advisory
https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/
Vendor Advisory
https://positive.security/blog/url-open-rce#open-libreoffice
ExploitThird Party Advisory
https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/
Vendor Advisory