Security features bypass in LibreOffice - CVE-2021-25631

 

Security features bypass in LibreOffice - CVE-2021-25631

Published: April 16, 2021


Vulnerability identifier: #VU52290
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-25631
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LibreOffice
Affected software:
LibreOffice

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper input validation when processing hyperlinks in a document. A remote attacker can create a document with a specially crafted hyperlink, trick the victim into clicking the link, bypass implemented restrictions on extensions imposed by the denylist and execute arbitrary commands on the system.

Note, the vulnerability affects Windows installations only.


How to mitigate CVE-2021-25631

Install updates from vendor's website.

Sources