Vulnerability Description
Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhere the uid running Collabora Online can write, if such a response was supplied by a malicious WOPI server. By combining this flaw with a Time of Check, Time of Use DNS lookup issue with a WOPI server address under attacker control, it is possible to present such a response to be processed by a Collabora Online instance. This issue has been patched in versions 24.04.13.1, 23.05.19, and 22.05.25.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-27791?
CVE-2025-27791 is a documented vulnerability. Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFi...
How severe is CVE-2025-27791?
CVSS scoring is not yet available for CVE-2025-27791. Check NVD for updates.
Is there a patch for CVE-2025-27791?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.