CVE-2025-31672
Severity
5.3 MEDIUM
EPSS
1.0%
top 22.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 9
Latest update: Jan 15
Description
Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files such as xlsx, docx and pptx. These file formats are essentially zip files, and a malicious user can add zip entries with duplicate names (including the path) to the zip. Products reading the affected file could then read different data, because one of the zip entries with the duplicate name is selected over the other, and different products may choose a different entry.
Th…
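A pre-parse check for the condition described above, as an added example that is not part of the advisory and not Apache POI code: it uses Python's standard `zipfile` module to list every central-directory record of an OOXML container and flags names that occur more than once. The function names and the sample files are constructed for illustration.

```python
import io
import warnings
import zipfile
from collections import Counter


def duplicate_entry_names(data: bytes) -> dict[str, int]:
    """Return {entry name: count} for names listed more than once in the zip."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # infolist() keeps every central-directory record, including repeats;
        # a lookup by name would silently resolve to only one of them.
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def entry_variants(data: bytes, name: str) -> list[bytes]:
    """Read the content of every record that carries the given name."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Opening by ZipInfo (not by name) reads that specific record.
        return [zf.open(info).read() for info in zf.infolist()
                if info.filename == name]


def build_sample(duplicate: bool) -> bytes:
    """Constructed sample: a minimal xlsx-like zip (not a valid workbook)."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", UserWarning)  # zipfile warns on repeats
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("[Content_Types].xml", "<Types/>")
            zf.writestr("xl/workbook.xml", "<workbook>first</workbook>")
            if duplicate:
                zf.writestr("xl/workbook.xml", "<workbook>second</workbook>")
    return buf.getvalue()


def triage(data: bytes) -> str:
    """Decision an upload filter could take before handing the file to a parser."""
    dupes = duplicate_entry_names(data)
    if dupes:
        return "reject: duplicate zip entries " + ", ".join(sorted(dupes))
    return "ok"


if __name__ == "__main__":
    print(triage(build_sample(duplicate=False)))
    print(triage(build_sample(duplicate=True)))
```

`entry_variants` returns both payloads stored under the repeated name, which is the ambiguity that lets two readers of the same file see different data.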
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 3 packages
Vulnerability Details
CVEList
Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names, 2025-04-09
Vendor Advisories
Oracle
Oracle Fusion Middleware Risk Matrix: Oracle Database Client for Fusion Middleware (Apache POI) - CVE-2025-31672, 2026-01-15
Oracle
Oracle Financial Services Applications Risk Matrix: Platform (Apache POI) - CVE-2025-31672, 2025-10-15
Oracle
Oracle Fusion Middleware Risk Matrix: Oracle Business Rules (Apache POI) - CVE-2025-31672, 2025-07-15
Red Hat
org.apache.poi/poi-ooxml: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names, 2025-04-09
Debian
CVE-2025-31672: libapache-poi-java - Improper Input Validation vulnerability in Apache POI. The issue affects the par..., 2025