Main Vulnerability Database Vulnerabilities #VU119961

Permissions, Privileges, and Access Controls in LibreOffice - CVE-2025-14714

Published: December 15, 2025

Vulnerability identifier: #VU119961

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-14714

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: LibreOffice

Affected software:
LibreOffice

Detailed vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions on macOS installations. The bundled python launcher inherited the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. A remote attacker can compromise the affected system.

How to mitigate CVE-2025-14714

Install updates from vendor's website.

Sources

https://www.libreoffice.org/about-us/security/advisories/cve-2025-14714/

Permissions, Privileges, and Access Controls in LibreOffice - CVE-2025-14714

Detailed vulnerability description

How to mitigate CVE-2025-14714

Sources

Please verify you're human