exploitDog

CVE-2025-66208

Опубликовано: 03 дек. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php and an intermediate reverse proxy. This vulnerability is fixed in 25.04.702.

Ссылки

https://github.com/CollaboraOnline/online/security/advisories/GHSA-j3q6-q5pc-v5wf
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:*

Версия до 25.04.702 (исключая)

EPSS

Процентиль: 64%

0.00479

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78

EPSS

Процентиль: 64%

0.00479

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78