CVE-2025-27791
Description
Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhere the uid running Collabora Online can write, if such a response was supplied by a malicious WOPI server. By combining this flaw with a Time of Check, Time of Use DNS lookup issue with a WOPI server address under attacker control, it is possible to present such a response to be processed by a Collabora Online instance. This issue has been patched in versions 24.04.13.1, 23.05.19, and 22.05.25.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-27791? +
How do I check if I'm vulnerable to CVE-2025-27791? +
Related Vulnerabilities
The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read …
Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not …
If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible
Luanox is a module host for Lua packages. Prior to 0.1.1, a file traversal vulnerability can cause potential denial of …
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) …
LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized …