CVE-2023-25266

Name of the Vulnerable Software and Affected Versions Docmosis Tornado versions prior to 2.9.5

Description An issue allows an authenticated attacker to change the Office directory setting to point to an arbitrary remote network path, triggering the execution of the soffice binary under the attacker's control. This leads to arbitrary remote code execution (RCE).

Recommendations For versions prior to 2.9.5, update to version 2.9.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Office directory setting to prevent attackers from modifying it.