Description
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://positive.security/blog/url-open-rce#open-libreoffice
Vendor Advisory x_refsource_misc
https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/
Scores
CVSS v3
8.8
EPSS
0.0527
EPSS Percentile
91.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-184
Status
published
Products (1)
libreoffice/libreoffice
7.0.0 - 7.0.5
Published
May 03, 2021
Tracked Since
Feb 18, 2026