CVE-2025-27791
April 15, 2025
Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhere the uid running Collabora Online can write, if such a response was supplied by a malicious WOPI server. By combining this flaw with a Time of Check, Time of Use DNS lookup issue with a WOPI server address under attacker control, it is possible to present such a response to be processed by a Collabora Online instance. This issue has been patched in versions 24.04.13.1, 23.05.19, and 22.05.25.
Affected Packages
https://github.com/CollaboraOnline/online.git (GITHUB):
Affected version(s) >=cp-24.04.1-1 <cp-22.05.25-1Fix Suggestion:
Update to version cp-22.05.25-1https://github.com/CollaboraOnline/online.git (GITHUB):
Affected version(s) >=cp-23.05.0-1 <cp-23.05.19-1Fix Suggestion:
Update to version cp-23.05.19-1Related Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
8.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
HIGH
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
LOW
Weakness Type (CWE)
Relative Path Traversal
EPSS
Base Score:
0.94
