An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self-sign an ODF document with a signature untrusted by the target, then modify the document to change the signature algorithm to one that is invalid (or unknown to LibreOffice). LibreOffice would then incorrectly present such a signature, with its unknown algorithm, as a valid signature issued by a trusted person. This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1.
History

Fri, 21 Mar 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 21 Mar 2025 15:00:00 +0000

Type Values Removed Values Added
Description
  Removed: A flaw was found in LibreOffice, where it improperly validated signatures for algorithms that were not verified. This flaw leads to LibreOffice presenting a valid signature when the validity of the signature was not verified. The highest threat from this vulnerability is to confidentiality and integrity.
  Added: An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person. This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1.
Title
  Removed: libreoffice: Content Manipulation with Certificate Validation Attack
  Added: Content Manipulation with Certificate Validation Attack
Metrics cvssV4_0

{'score': 5.2, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: Document Fdn.

Published: 2025-03-21T14:52:50.484Z

Updated: 2025-03-21T15:13:24.100Z

Reserved: 2021-01-19T22:48:43.994Z

Link: CVE-2021-25635

Vulnrichment

Updated: 2025-03-21T15:13:15.453Z

NVD

Status: Received

Published: 2025-03-21T15:15:35.707

Modified: 2025-03-21T15:15:35.707

Link: CVE-2021-25635

Redhat

Severity: Moderate

Public Date: 2021-10-11T00:00:00Z

Links: CVE-2021-25635 - Bugzilla