Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-2866

Опубликовано: 27 апр. 2025
Источник: nvd
CVSS3: 5.5
EPSS Низкий

Описание

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.

In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid

This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before < 25.2.2.

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
Версия от 24.8.0.1 (включая) до 24.8.6.0 (исключая)
cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
Версия от 25.2.0.1 (включая) до 25.2.2 (исключая)
cpe:2.3:a:libreoffice:libreoffice:24.8.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:24.8.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:25.2.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:25.2.0.0:beta1:*:*:*:*:*:*

EPSS

Процентиль: 2%
0.00017
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-347
CWE-347

Связанные уязвимости

CVSS3: 5.5
ubuntu
3 месяца назад

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before < 25.2.2.

CVSS3: 2.8
redhat
3 месяца назад

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before < 25.2.2.

CVSS3: 5.5
debian
3 месяца назад

Improper Verification of Cryptographic Signature vulnerability in Libr ...

CVSS3: 9.8
github
3 месяца назад

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before < 25.2.2.

CVSS3: 9.8
fstec
3 месяца назад

Уязвимость пакета офисных программ LibreOffice, связанная с некорректной проверкой криптографической подписи, позволяющая нарушителю подделывать цифровые подписи

EPSS

Процентиль: 2%
0.00017
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-347
CWE-347