Main Vulnerability Database Vulnerabilities #VU119961

#VU119961 Permissions, Privileges, and Access Controls in LibreOffice - CVE-2025-14714

Published: December 15, 2025

Vulnerability identifier: #VU119961

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-14714

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
LibreOffice

Software vendor:
LibreOffice

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions on macOS installations. The bundled python launcher inherited the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. A remote attacker can compromise the affected system.

Remediation

Install updates from vendor's website.

External links

https://www.libreoffice.org/about-us/security/advisories/cve-2025-14714/

#VU119961 Permissions, Privileges, and Access Controls in LibreOffice - CVE-2025-14714

Description

Remediation

External links

Please verify you're human