CVE-2025-27791

· Published 15/04/2025 19:16 · Modified 15/04/2025 19:16

Labels: CVE-2025-27791, 2025-04-15, CWE-23, [email protected]

Essential information

Published: 15/04/2025 19:16
Modified: 15/04/2025 19:16
Author:
Creator:
CVSS: 8.3 HIGH (v3), 8.3 HIGH (v4.0)
CISA KEV: No
CWE:
CVSS vector:

Description

Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhere the uid running Collabora Online can write, if such a response was supplied by a malicious WOPI server. By combining this flaw with a Time of Check, Time of Use DNS lookup issue with a WOPI server address under attacker control, it is possible to present such a response to be processed by a Collabora Online instance. This issue has been patched in versions 24.04.13.1, 23.05.19, and 22.05.25.
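
The class of check that addresses the flaw described above, as an added example (not Collabora Online's code or its patch): treat `BaseFileName` from a CheckFileInfo response as untrusted, accept it only as a single path component, and confirm the resolved path stays inside the document directory. The function names, the `doc_dir` parameter and the sample responses are assumptions constructed for illustration.

```python
import json
import os
import tempfile

class UnsafeFileName(ValueError):
    """BaseFileName cannot be used as a single path component."""

def safe_base_filename(check_file_info):
    """Return BaseFileName only if it is a plain file name."""
    name = check_file_info.get("BaseFileName")
    if not isinstance(name, str) or not name:
        raise UnsafeFileName("missing or not a string")
    if any(c in name for c in ("/", "\\", "\x00")):
        raise UnsafeFileName("contains a path separator or NUL")
    if name in (".", ".."):
        raise UnsafeFileName("is a directory reference")
    return name

def local_path_for(doc_dir, check_file_info):
    """Join the validated name to doc_dir and confirm the result stays inside it."""
    name = safe_base_filename(check_file_info)
    root = os.path.realpath(doc_dir)
    # realpath also resolves a symlink planted under the chosen name.
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafeFileName("resolves outside the document directory")
    return candidate

# Constructed CheckFileInfo bodies (hypothetical, not captured traffic).
SAMPLE_RESPONSES = [
    '{"BaseFileName": "report.odt", "Size": 1024}',
    '{"BaseFileName": "../../outside/report.odt", "Size": 1024}',
    '{"BaseFileName": "/tmp/report.odt", "Size": 1024}',
    '{"BaseFileName": "..", "Size": 1024}',
    '{"Size": 1024}',
]

def audit(doc_dir, raw_responses):
    """Return (BaseFileName, verdict) for each raw JSON response."""
    results = []
    for raw in raw_responses:
        info = json.loads(raw)
        try:
            local_path_for(doc_dir, info)
            verdict = "accepted"
        except UnsafeFileName as exc:
            verdict = "rejected: " + str(exc)
        results.append((info.get("BaseFileName"), verdict))
    return results

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, verdict in audit(d, SAMPLE_RESPONSES):
            print(repr(name), "->", verdict)
```

The component check alone stops the traversal; the `realpath` containment test is a second layer that also covers a symlink already present under the accepted name.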

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product                        CPE
collabora / collabora online   cpe:2.3:a:collabora:collabora_online:<24.04.12.4:*:*:*:*:*:*:*
collabora / collabora online   cpe:2.3:a:collabora:collabora_online:<23.05.19:*:*:*:*:*:*:*
collabora / collabora online   cpe:2.3:a:collabora:collabora_online:<22.05.25:*:*:*:*:*:*:*
