Document Foundation · Libreoffice · CVE-2025-2866
**Name of the Vulnerable Software and Affected Versions**
LibreOffice versions 24.8 through 24.8.5
LibreOffice versions 25.2 through 25.2.1
**Description**
The issue is related to an Improper Verification of Cryptographic Signature, allowing PDF Signature Spoofing by Improper Validation. A flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid.
**Recommendations**
For LibreOffice versions 24.8 through 24.8.5, update to version 24.8.6 or later.
For LibreOffice versions 25.2 through 25.2.1, update to version 25.2.2 or later.