CVE-2025-10777

MEDIUM

JSC R7 R7-Office Document Server < 20250820 - Path Traversal via /downloadas/ cmd Parameter


Description

A flaw has been found in JSC R7 R7-Office Document Server up to build 20250820. Affected is an unknown function of the file /downloadas/. Manipulating the cmd argument can lead to path traversal (CWE-22), and the attack can be launched remotely. Upgrading the affected component to version 2025.3.1.923 is recommended to address this issue. R7-Office is a fork of OpenOffice, and at the moment it remains unclear whether OpenOffice is affected as well; the OpenOffice team was not able to reproduce the issue in their codebase. The vendor replied: "We confirm that this vulnerability has been verified and patched in release 2025.3.1.923. During our security testing, it was not possible to exploit the issue - the server consistently returns proper error responses to the provided scenarios."

References (3)

Core References (3):
- https://vuldb.com/?id.325133 (VDB Entry, technical description; permissions required)
- https://vuldb.com/?ctiid.325133 (VDB Entry, signature; permissions required)
- https://vuldb.com/?submit.638446 (VDB Entry, third-party advisory; permissions required)

Scores

CVSS v3 base score: 6.3
EPSS: 0.0039
EPSS percentile: 30.4%
Attack vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical impact: partial

Details

CWE: CWE-22
Status: published
Products (2):
- JSC R7/R7-Office Document Server 2025.3.1.923
- JSC R7/R7-Office Document Server 20250820
Published: Sep 22, 2025
Tracked since: Feb 18, 2026