PT-2021-7389 · Document Foundation+8 · Libreoffice+8
Published: 2021-05-17 · Updated: 2022-05-10 · CVE-2021-25634
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
LibreOffice versions 7.0.0 through 7.0.5
LibreOffice versions 7.1.0 through 7.1.1
Description
LibreOffice supports digital signatures of ODF documents and of macros within documents. The issue is an Improper Certificate Validation vulnerability in that feature: an attacker could modify a digitally signed ODF document to insert an additional signing time timestamp, which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. A remote attacker can exploit the vulnerability to impact the integrity of data.
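A triage check for the condition described above, as an added example (not LibreOffice code and not part of this advisory): it lists signatures in an ODF package that carry more than one signing time. It assumes the signing time is stored as a `dc:date` element inside each `ds:Signature` in `META-INF/documentsignatures.xml`; it does not verify the signature itself, so a hit is a reason to review the file, not proof of tampering.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"   # XML-DSig namespace
DC = "http://purl.org/dc/elements/1.1/"     # Dublin Core namespace (dc:date)
SIG_PATH = "META-INF/documentsignatures.xml"  # assumed location of document signatures


def signing_times(odf_bytes):
    """Return {signature Id: [signing-time strings]} for one ODF package."""
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        if SIG_PATH not in pkg.namelist():
            return {}  # unsigned document
        root = ET.fromstring(pkg.read(SIG_PATH))
    found = {}
    for n, sig in enumerate(root.iter("{" + DS + "}Signature")):
        # Collect every dc:date below this signature, wherever it is nested.
        times = [d.text or "" for d in sig.iter("{" + DC + "}date")]
        found[sig.get("Id", "signature-%d" % n)] = times
    return found


def suspicious(odf_bytes):
    """Ids of signatures that carry more than one signing time."""
    return sorted(k for k, v in signing_times(odf_bytes).items() if len(v) > 1)


def build_sample(dates):
    """Constructed test package: one signature 'sig1' with the given dates."""
    props = "".join(
        '<ds:SignatureProperty Id="p%d" Target="#sig1"><dc:date>%s</dc:date>'
        "</ds:SignatureProperty>" % (i, d) for i, d in enumerate(dates))
    xml = ('<document-signatures xmlns:ds="%s" xmlns:dc="%s">'
           '<ds:Signature Id="sig1"><ds:Object><ds:SignatureProperties>%s'
           "</ds:SignatureProperties></ds:Object></ds:Signature>"
           "</document-signatures>" % (DS, DC, props))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr(SIG_PATH, xml)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample values, not taken from a real document.
    clean = build_sample(["2021-03-01T10:00:00"])
    doubled = build_sample(["2021-03-01T10:00:00", "2019-01-01T09:00:00"])
    print("clean:", suspicious(clean))
    print("doubled:", suspicious(doubled))
```
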
Recommendations
For LibreOffice versions 7.0.0 through 7.0.5, update to version 7.0.6 or later.
For LibreOffice versions 7.1.0 through 7.1.1, update to version 7.1.2 or later.
As a temporary workaround, consider disabling the digital signature validation feature until a patch is available. Restrict access to digitally signed documents to minimize the risk of exploitation.
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Libreoffice
Linuxmint
Red Hat
Rocky Linux
Ubuntu