CVE-2025-14714
Published 2025-12-15
Priority P4 · 32 · medium · 6.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:C / C:H / I:N / A:N
EPSS: 0.12% (2.1st percentile)
An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions the user granted to the main application bundle.
By executing the bundled interpreter directly, an attacker's scripts run with the application's TCC privileges, so a local attacker gains whatever protected resources the user has already approved for LibreOffice without triggering a new consent prompt.
In fixed versions, a parent launch constraint is applied to the interpreter so that only the main application can launch it with those permissions.
This issue affects LibreOffice on macOS: from 25.2 before 25.2.4.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libreoffice | — | — |
| libreoffice | libreoffice | >= 25.2.0.1 < 25.2.4.1 | 25.2.4.1 |
| the_document_foundation | libreoffice | >= 25.2 < 25.2.4 | 25.2.4 |
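Two checks a practitioner would want for this issue, as an added example that is not LibreOffice project code: reading the installed build's version out of the app bundle's Info.plist and comparing it against the affected range in the table above, and, over process-creation events, flagging the bundled Python being started by anything other than the main LibreOffice executable, which is exactly the lineage the fixed builds' parent launch constraint refuses. The `soffice` and `LibreOfficePython.framework` paths and the JSON event shape are assumptions for the example, not details from the advisory; the plist and events are constructed.

```python
# Added example for CVE-2025-14714; not LibreOffice project code.
# Assumptions (not stated in the advisory): the bundle paths below and the
# one-JSON-object-per-line process event shape, which is constructed here.
import json
import plistlib
from typing import Iterable

# Affected range from the advisory: from 25.2 (25.2.0.1) before 25.2.4 (25.2.4.1),
# compared on major.minor.patch.
FIRST_AFFECTED = (25, 2, 0)
FIRST_FIXED = (25, 2, 4)

# Assumed locations inside the app bundle.
BUNDLE = "/Applications/LibreOffice.app"
MAIN_EXE = BUNDLE + "/Contents/MacOS/soffice"
INTERP_PREFIX = BUNDLE + "/Contents/Frameworks/LibreOfficePython.framework/"


def parse_version(version: str) -> tuple:
    """'25.2.3.2' -> (25, 2, 3); missing components are treated as 0."""
    parts = [int(p) for p in version.strip().split(".") if p.isdigit()]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True when major.minor.patch lies in [25.2.0, 25.2.4)."""
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED


def installed_version(info_plist: bytes) -> str:
    """Read CFBundleShortVersionString from an Info.plist (XML or binary plist bytes)."""
    return plistlib.loads(info_plist)["CFBundleShortVersionString"]


def is_bundled_interpreter(exe: str) -> bool:
    """The Python shipped inside LibreOffice.app, whatever framework version it carries."""
    return exe.startswith(INTERP_PREFIX) and "/bin/python" in exe


def suspicious_launches(events: Iterable[str]) -> list:
    """Return process events where the bundled interpreter was started by a
    parent other than soffice. Before 25.2.4 such a child still inherits the
    TCC grants given to LibreOffice.app, so this is the lineage to alert on."""
    hits = []
    for line in events:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if is_bundled_interpreter(event.get("exe", "")) and event.get("parent_exe") != MAIN_EXE:
            hits.append(event)
    return hits


# Constructed Info.plist of a vulnerable build (values made up for the example).
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>CFBundleIdentifier</key><string>org.libreoffice.script</string>
<key>CFBundleShortVersionString</key><string>25.2.3.2</string>
</dict></plist>"""

# Constructed process-creation events: 501 is the legitimate launch from soffice,
# 502 is the interpreter run directly from a shell, 503 is the system Python.
SAMPLE_EVENTS = """
{"pid": 501, "exe": "/Applications/LibreOffice.app/Contents/Frameworks/LibreOfficePython.framework/Versions/3.10/bin/python3.10", "parent_exe": "/Applications/LibreOffice.app/Contents/MacOS/soffice"}
{"pid": 502, "exe": "/Applications/LibreOffice.app/Contents/Frameworks/LibreOfficePython.framework/Versions/3.10/bin/python3.10", "parent_exe": "/bin/zsh"}
{"pid": 503, "exe": "/usr/bin/python3", "parent_exe": "/bin/zsh"}
"""

if __name__ == "__main__":
    version = installed_version(SAMPLE_INFO_PLIST)
    print(f"LibreOffice {version}: affected={is_affected(version)}")
    for hit in suspicious_launches(SAMPLE_EVENTS.splitlines()):
        print("bundled interpreter launched outside soffice:", hit)
```

The lineage check is a detection heuristic, not the fix: the fixed builds enforce the parent constraint at exec time, so on a fixed build a direct launch of the bundled interpreter from a shell should be refused outright, and inspecting that binary's signature with `codesign -d --verbose=4` should show the launch constraint. On an affected build nothing stops the same launch, which is why process-parent telemetry is the useful signal.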
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| nvd | 4.0 | 0.9 | LOW | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_debian | — | 0.9 | LOW | — |
| vendor_redhat | — | 0.9 | LOW | — |
The two NVD scores differ because the 3.1 vector models the TCC bypass as a scope change with high confidentiality impact (S:C/C:H), while the 4.0 vector places no impact on the vulnerable system itself (VC:N/VI:N/VA:N), only high confidentiality impact on the subsequent system (SC:H), with exploit maturity unreported (E:U).
GHSA
GHSA-65c5-j3wr-v7fh · ghsa_unreviewed · 2025-12-15 · [LOW] · CWE-288 (Authentication Bypass Using an Alternate Path or Channel)
Red Hat
LibreOffice: Authentication Bypass leading to privilege escalation via bundled interpreter execution · vendor_redhat · 2025-12-15 · CVSS 0.9 · [LOW] · CWE-288
A flaw was found in LibreOffice. This vulnerability allows privilege escalation where an attacker's scripts run with the application's Transparency, Consent
Debian
CVE-2025-14714: libreoffice · vendor_debian · 2025 · CVSS 0.9 · [LOW]
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Suricata
ET WEB_SPECIFIC_APPS ASUS RT-AC3200 Command Injection via load_script Hook in appGet.cgi (CVE-2018-14714) · suricata · 2025-09-25 · CVSS 9.8 · [CRITICAL]
Note: this rule references CVE-2018-14714, an ASUS router command injection, not CVE-2025-14714; it is listed here only because the numeric part of the identifier matches. It does not detect the LibreOffice issue, which is a local macOS TCC bypass with no network traffic to match on.
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ASUS RT-AC3200 Command Injection via load_script Hook in appGet.cgi (CVE-2018-14714)"; flow:established,to_server; http.uri; content:"/appGet.cgi"; startswith; content:"hook|3d|load_script|28 22|"; fast_pattern; reference:url,blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8; reference:cve,2018-14714; classtype:web-application-attack; sid:2064929; rev:1; metadata:affected_product Asus, attack_target Networking_Equipment, created_at 2025_09_25, cve CVE_2018_14714, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit,
Suricata
ET EXPLOIT ASUSWRT Command Injection via load_script Hook in appGet.cgi (CVE-2018-14714) · suricata · 2025-07-10 · CVSS 9.8 · [CRITICAL]
Note: as with the rule above, this signature is for CVE-2018-14714 (ASUSWRT), not CVE-2025-14714, and has no bearing on the LibreOffice macOS issue.
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT ASUSWRT Command Injection via load_script Hook in appGet.cgi (CVE-2018-14714)"; flow:established,to_server; http.uri; content:"appGet.cgi"; content:"hook=load_script"; fast_pattern; reference:cve,2018-14714; classtype:attempted-admin; sid:2063396; rev:1; metadata:attack_target Networking_Equipment, created_at 2025_07_10, cve CVE_2018_14714, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, updated_at 2025_07_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
No public exploits indexed.