CVE-2021-25631
published 2021-05-03

Priority: P351, high, 8.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 4.17% (89.6th percentile)

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libreoffice | | |
| libreoffice | libreoffice | >= 7.0.0 < 7.0.5 | 7.0.5 |
| libreoffice | libreoffice | >= 7.1.0 < 7.1.2 | 7.1.2 |
| the_document_foundation | libreoffice | >= 7.0 < 7.0.5 | 7.0.5 |
| the_document_foundation | libreoffice | >= 7.1 < 7.1.2 | 7.1.2 |

CVSS provenance

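| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_debian | | 8.8 | LOW | |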