Authentication Bypass Vulnerability in LibreOffice by The Document Foundation
CVE-2025-14714

0.9LOW

Key Information:

Vendor: The Document Foundation
Status: Libreoffice
Vendor: CVE Published:; 15 December 2025

🔔 Create The Document Foundation Vulnerability Alert

What is CVE-2025-14714?

An authentication bypass vulnerability was identified in LibreOffice, where an embedded Python interpreter inherited Transparency, Consent, and Control (TCC) permissions from the main application. This flaw allowed attackers to run scripts with elevated user privileges by executing the interpreter directly. The vulnerability impacted versions of LibreOffice prior to 25.2.4. The fixed versions introduce parent constraints ensuring that only the primary application can launch the interpreter with such permissions, mitigating the risk of unauthorized script execution. For further details, visit the advisory page.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LibreOffice MacOS 25.2

References

https://www.libreoffice.org/about-us/security/advisories/...

CVSS V4

Score:

0.9

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 15, 2025
Vulnerability Reserved
Dec 15, 2025

Credit

Karol Mazurek of AFINE

JSON

The Document Foundation

What is CVE-2025-14714?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.