CVE-2025-14714

Published: Dec 15, 2025

Modified: Dec 15, 2025

PUBLISHED

Description

An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with the application's TCC privileges In fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions This issue affects LibreOffice on macOS: from 25.2 before < 25.2.4.

Vendor	Product	Versions
The Document Foundation	LibreOffice	affected `25.2 - < < 25.2.4`

Weaknesses (CWE)

CWE-288

References

https://www.libreoffice.org/about-us/security/advisories/cve-2025-14714

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-14714

Description

Affected Products

Weaknesses (CWE)

References