icon

We found results for “

CVE-2025-31672

Good to know:

icon
icon

Date: April 9, 2025

Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names (including the path) in the zip. In this case, products reading the affected file could read different data because 1 of the zip entries with the duplicate name is selected over another but different products may choose a different zip entry. This issue affects Apache POI poi-ooxml before 5.4.0. poi-ooxml 5.4.0 has a check that throws an exception if zip entries with duplicate file names are found in the input file. Users are recommended to upgrade to version poi-ooxml 5.4.0, which fixes the issue.

Severity Score

Severity Score

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

icon

Upgrade Version

Upgrade to version org.apache.poi:poi-ooxml:5.4.0;org.apache.poi:poi-ooxml:5.4.0;https://github.com/apache/poi.git - REL_5_4_0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us