PT-2025-38676 · Unknown+1 · Jsc R7 R7-Office Document Server+1
Ymka_1 · Published 2025-09-22 · Updated 2025-09-22 · CVE-2025-10777
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
JSC R7 R7-Office Document Server versions up to 20250820
Description
A flaw exists in JSC R7 R7-Office Document Server. The issue involves manipulation of the cmd argument within an unknown function of the /downloadas/ file, potentially leading to path traversal. This attack can be initiated remotely. R7-Office is a fork of OpenOffice, and it is currently uncertain if OpenOffice is affected, as the OpenOffice team has not been able to reproduce the issue in their codebase.
Recommendations
Upgrade to version 2025.3.1.923 to address this issue.
Upgrade the affected component.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Jsc R7 R7-Office Document Server
Openoffice