Authentication Bypass Vulnerability in LibreOffice by The Document Foundation
CVE-2025-14714

0.9 LOW

Key Information:

Vendor
CVE Published: 15 December 2025

What is CVE-2025-14714?

An authentication bypass vulnerability was identified in LibreOffice: the embedded Python interpreter inherited Transparency, Consent, and Control (TCC) permissions from the main application. By executing the interpreter directly, attackers could run scripts with elevated user privileges. The vulnerability affects versions of LibreOffice prior to 25.2.4. Fixed versions introduce parent constraints that ensure only the primary application can launch the interpreter with such permissions, mitigating the risk of unauthorized script execution. For further details, visit the advisory page.

Affected Version(s)

LibreOffice macOS 25.2

CVSS V4

Score: 0.9
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karol Mazurek of AFINE