CVE-2025-27791

HIGH

Collabora Online <24.04.12.4-22.05.25 - Path Traversal

Title source: llm

Description

Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhere the uid running Collabora Online can write, if such a response was supplied by a malicious WOPI server. By combining this flaw with a Time of Check, Time of Use DNS lookup issue with a WOPI server address under attacker control, it is possible to present such a response to be processed by a Collabora Online instance. This issue has been patched in versions 24.04.13.1, 23.05.19, and 22.05.25.

References (1)

[Vendor Advisory] https://github.com/CollaboraOnline/online/security/advisories/GHSA-9j32-gg3j-8w25

Scores

CVSS v4 8.3

EPSS 0.0094

EPSS Percentile 76.3%

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-23

Status published

Products (3)

CollaboraOnline/online < 22.05.25

CollaboraOnline/online >= 23.05.0, < 23.05.19

CollaboraOnline/online >= 24.04.1.1, < 24.04.13.1

Published Apr 15, 2025

Tracked Since Feb 18, 2026