Main Vulnerability Database Vulnerabilities #VU52290

#VU52290 Security features bypass in LibreOffice - CVE-2021-25631

Published: April 16, 2021

Vulnerability identifier: #VU52290

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-25631

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
LibreOffice

Software vendor:
LibreOffice

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper input validation when processing hyperlinks in a document. A remote attacker can create a document with a specially crafted hyperlink, trick the victim into clicking the link, bypass implemented restrictions on extensions imposed by the denylist and execute arbitrary commands on the system.

Note, the vulnerability affects Windows installations only.

Remediation

Install updates from vendor's website.

External links

https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/