Ymka_1

**Name of the Vulnerable Software and Affected Versions** JSC R7 R7-Office Document Server versions up to 20250820 **Description** A flaw exists in JSC R7 R7-Office Document Server. The issue involves manipulation of the `cmd` argument within an unknown function of the `/downloadas/` file, potentially leading to path traversal. This attack can be initiated remotely. R7-Office is a fork of OpenOffice, and it is currently uncertain if OpenOffice is affected, as the OpenOffice team has not been able to reproduce the issue in their codebase. **Recommendations** Upgrade to version 2025.3.1.923 to address this issue. Upgrade the affected component.