PT-2021-16805 · Onlyoffice · Onlyoffice Document Server

Published: 2021-03-01 · Updated: 2021-10-29 · CVE-2021-25830

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ONLYOFFICE DocumentServer versions 4.2.0.236 through 5.6.4.13

Description

A file extension handling issue was found in the [core] module of ONLYOFFICE DocumentServer. An attacker must request the conversion of a crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote code execution on DocumentServer.

Recommendations

For versions 4.2.0.236 through 5.6.4.13, consider disabling the file conversion feature from DOCT to DOCX format until a patch is available. Restrict access to the [core] module to minimize the risk of exploitation. Avoid using the file conversion feature for crafted files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

CVE-2021-25830

Affected Products

Onlyoffice Document Server