File Handling Flaw in ONLYOFFICE DocumentServer Leads to Remote Code Execution
CVE-2021-25830

9.8CRITICAL

Key Information:

Vendor

Onlyoffice

Status
Document Server
Vendor
CVE Published:
1 March 2021

What is CVE-2021-25830?

An issue in the file extension handling within ONLYOFFICE DocumentServer versions 4.2.0.236 through 5.6.4.13 allows attackers to exploit the system. By requesting the conversion of a specifically crafted file from DOCT to DOCX format, an attacker can leverage a chain of unrelated improper string handling bugs to achieve remote code execution on the DocumentServer. This vulnerability highlights significant security risks in document management workflows.

References

https://github.com/ONLYOFFICE/DocumentServer
x_refsource_MISC
https://github.com/ONLYOFFICE/core
x_refsource_MISC
https://github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOffi...
x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2021-25830 : File Handling Flaw in ONLYOFFICE DocumentServer Leads to Remote Code Execution