CVE-2025-2866

Low CVSS: 2.4

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.

In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid

This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before < 25.2.2.

Vendor

Libreoffice

Product

Libreoffice

CWE

CWE-347

Yayın Tarihi

2025-04-27 19:15:15

Güncelleme

2025-11-03 20:18:09

Source Identifier

security@documentfoundation.org

KEV Date Added

Kategoriler

CWE-347 Libreoffice LOW Libreoffice 2025

Referanslar

https://www.libreoffice.org/about-us/security/advisories/cve-2025-2866 https://lists.debian.org/debian-lts-announce/2025/06/msg00002.html

Benzer Kayıtlar

Low

CVE-2025-14714

An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the T…

Medium

CVE-2021-25635

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with…

High

CVE-2025-1080

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An addit…

High

CVE-2025-0514

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targ…

Medium

CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document…

Low

CVE-2024-12425

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation…