Local Network Vulnerability in Collabora Online Office Suite
CVE-2025-24796

6.3 MEDIUM

Key Information:

Status
Vendor
CVE Published: 6 March 2025

Summary

Collabora Online, a collaborative online office suite derived from LibreOffice, allows executable binaries to run within a limited environment when an administrator has enabled macro support. Macros are disabled by default, but once they are enabled, arbitrary binaries located in allowed locations, typically within the local network, can be executed. With macros enabled, the framework's architecture makes it feasible to install and execute these binaries, extending beyond the standard network limitations. Update to version 24.04.12.4, 23.05.19, 22.05.25, or later to mitigate this risk.

Affected Version(s)

online: < 22.05.25

online: >= 23.05.1, < 23.05.19

online: >= 24.04.1.1, < 24.04.12.4

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
