CVE-2021-25631: denylist of executable filename extensions possible to bypass under Windows

Vendor: The Document Foundation
Product: LibreOffice
Weakness: CWE-184
Published: May 3, 2021
Last update: September 16, 2024

What the vulnerability does

01 Description

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

Key dates

02 Disclosure timeline

May 3, 2021: CVE published
September 16, 2024: Record updated