Local Network Vulnerability in Collabora Online Office Suite
CVE-2025-24796

6.3MEDIUM

Key Information:

Vendor: Collaboraonline
Status: Online
Vendor: CVE Published:; 6 March 2025

🔔 Create Collaboraonline Vulnerability Alert

What is CVE-2025-24796?

Collabora Online, a collaborative online office suite derived from LibreOffice, has been found to allow executable binaries to run within a limited environment when macro support is enabled by an administrator. Although macros are disabled by default, their activation could permit execution of arbitrary binaries located in allowed locations, typically within the local network. When the macros are enabled, the framework's architecture makes it feasible to potentially install and execute these binaries, thereby extending beyond the standard network limitations. It is crucial to update to version 24.04.12.4, 23.05.19, 22.05.25, or later to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

online < 22.05.25 < 22.05.25

online >= 23.05.1, < 23.05.19 < 23.05.1, 23.05.19

online >= 24.04.1.1, < 24.04.12.4 < 24.04.1.1, 24.04.12.4

References

https://github.com/CollaboraOnline/online/security/adviso...

x_refsource_CONFIRM

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 6, 2025
Vulnerability Reserved
Jan 23, 2025

JSON

Collaboraonline