Path Traversal Vulnerability in JSC R7 R7-Office Document Server
CVE-2025-10777

5.3MEDIUM

Key Information:

Vendor

Jsc R7

Status
R7-office Document Server
Vendor
CVE Published:
22 September 2025

What is CVE-2025-10777?

A vulnerability in JSC R7 R7-Office Document Server allows for path traversal through manipulation of the 'cmd' argument in the /downloadas/ function. This vulnerability affects versions prior to 2025.3.1.923 and can be exploited remotely. Although the OpenOffice team was unable to reproduce the issue within their codebase, JSC confirmed that the vulnerability has been patched in the latest release. Users are strongly advised to upgrade to version 2025.3.1.923 to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

R7-Office Document Server 20250820

R7-Office Document Server 2025.3.1.923

References

https://vuldb.com/?id.325133
vdb-entrytechnical-description
https://vuldb.com/?ctiid.325133
signaturepermissions-required
https://vuldb.com/?submit.638446
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ymka_1 (VulDB User)
JSON
.