PT-2025-51211 · Document Foundation · LibreOffice

Karol Mazurek · Published 2025-12-15 · Updated 2025-12-15 · CVE-2025-14714

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

LibreOffice versions prior to 25.2.4

Description

An authentication bypass issue existed due to the application bundling a Python interpreter that inherited Transparency, Consent, and Control (TCC) permissions granted to the main application. Executing the bundled interpreter allowed attacker scripts to run with the application’s TCC privileges. The fix involves using parent-constraints to restrict interpreter launches to only the main application with those permissions.

Recommendations

Update to LibreOffice version 25.2.4 or later.

Fix

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

BDU:2026-02196
CVE-2025-14714

Affected Products

LibreOffice