QwikSec

Security Database

CVE

CWE

Training

CVE-2021-25631

Published: May 3, 2021

Modified: Sep 16, 2024

PUBLISHED

Description

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

Vendor	Product	Versions
The Document Foundation	LibreOffice	affected `7.1 - < 7.1.2` affected `7.0 - < 7.0.5`

Weaknesses (CWE)

References

https://positive.security/blog/url-open-rce#open-libreoffice

x_refsource_MISC

https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.