Improper Certificate Validation in LibreOffice Products
CVE-2021-25635

5.2 MEDIUM

Key Information:

Vendor
CVE Published: 21 March 2025

What is CVE-2021-25635?

LibreOffice contains an improper certificate validation issue. An attacker can craft a self-signed ODF document whose signature uses an algorithm that is either invalid or unknown to LibreOffice, and LibreOffice incorrectly presents that signature as valid. Users can therefore be misled into trusting unverified documents, which poses a significant security risk.
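The fail-closed handling this flaw calls for, as an added example (not LibreOffice's code or its fix): it reads `META-INF/documentsignatures.xml` from an ODF package and rejects any signature whose `SignatureMethod` algorithm is outside an allowlist. The allowlist, the function names and the sample documents are assumptions constructed for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"   # XML-DSig namespace
SIG_PATH = "META-INF/documentsignatures.xml"  # where ODF stores its signatures
# Assumed allowlist for this example; set it from local policy.
ALLOWED = {
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
}

def audit_odf_signatures(data):
    """Return (signature id, algorithm, verdict) for each ds:Signature."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        if SIG_PATH not in z.namelist():
            return []                          # unsigned document
        raw = z.read(SIG_PATH)
    if b"<!DOCTYPE" in raw:                    # no DTDs/entities in untrusted XML
        raise ValueError("DOCTYPE not allowed in signature file")
    results = []
    for sig in ET.fromstring(raw).iter(DS + "Signature"):
        method = sig.find(f"{DS}SignedInfo/{DS}SignatureMethod")
        alg = method.get("Algorithm", "") if method is not None else ""
        # Fail closed: a missing or unknown algorithm is never shown as valid.
        # A known algorithm still has to pass cryptographic verification.
        verdict = ("needs-crypto-verification" if alg in ALLOWED
                   else "reject-unknown-algorithm")
        results.append((sig.get("Id", ""), alg, verdict))
    return results

def build_sample(alg):
    """Constructed ODF-like package holding one signature stub."""
    xml = (
        '<document-signatures xmlns="urn:oasis:names:tc:opendocument:'
        'xmlns:digitalsignature:1.0">'
        '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="sig1">'
        f'<SignedInfo><SignatureMethod Algorithm="{alg}"/></SignedInfo>'
        '</Signature></document-signatures>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(SIG_PATH, xml)
    return buf.getvalue()

if __name__ == "__main__":
    for alg in ("urn:example:unknown-sig-alg", sorted(ALLOWED)[0]):
        print(audit_odf_signatures(build_sample(alg)))
```
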

Affected Version(s)

LibreOffice 7.0 < 7.0.5

LibreOffice 7.1 < 7.1.1

CVSS V4

Score: 5.2
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

NDS of Ruhr University Bochum