PT-2025-9990 · Collabora · Collabora Online
Icare1337 · Published 2025-03-06 · Updated 2025-03-07 · CVE-2025-24796
CVSS v4.0: 6.3 (Medium)
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Collabora Online versions prior to 22.05.25
Collabora Online versions prior to 23.05.19
Collabora Online versions prior to 24.04.12.4
Description
The issue concerns Collabora Online, a collaborative online office suite based on LibreOffice. By default, macro support is disabled, but administrators can enable it. When macros are enabled, they can run executable binaries, potentially allowing the installation and execution of arbitrary binaries within a restricted environment. This could be used to bypass network access limits and provide a platform for further exploitation attempts.
Recommendations
For versions prior to 22.05.25, update to version 22.05.25 or later to resolve the issue.
For versions prior to 23.05.19, update to version 23.05.19 or later to resolve the issue.
For versions prior to 24.04.12.4, update to version 24.04.12.4 or later to resolve the issue.
As a temporary workaround, consider disabling macro support in Collabora Online until a patch is available.
Affected products
Collabora Online