- Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before 24.8.4.
- Source: security@documentfoundation.org
- NVD status: Received
CVSS 4.0
- Type: Secondary
- Base score: 2.4
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: LOW
- security@documentfoundation.org: CWE-22
- Hype score: Not currently trending
PoC exploiting LibreOffice vulnerabilities released (CVE-2024-12425, CVE-2024-12426) https://t.co/ePCuryaTff #izumino_trend
@sec_trend
19 Feb 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 Attention, LibreOffice users! Critical vulnerabilities allow arbitrary code execution and manipulation of sensitive files. CVE-2024-12425 and CVE-2024-12426 can compromise your information. Update now to protect yourself!
@IncursioHack
19 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PoC exploiting LibreOffice vulnerabilities released (CVE-2024-12425, CVE-2024-12426) #セキュリティ #セキュリティ対策Lab https://t.co/KDxItn0Rl4
@securityLab_jp
19 Feb 2025
17 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Two critical vulnerabilities in LibreOffice (CVE-2024-12425 & CVE-2024-12426) can be exploited via malicious documents, posing serious risks. Update to version 24.8.4 ASAP! 🔒 #LibreOffice #DataSecurity #USA link: https://t.co/FJwYyDokH8 https://t.co/zr7pEQP6xW
@TweetThreatNews
18 Feb 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#LibreOffice: patches two #vulnerabilities allowing arbitrary file writes & remote data extraction from environment variables & configuration files. CVE-2024-12425 & CVE-2024-12426 require no user interaction beyond opening a malicious document: 👇 🔗 https://t.co/p
@StringsVsAtoms
18 Feb 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#LibreOffice: patches two #vulnerabilities allowing arbitrary file writes & remote data extraction from environment variables & configuration files. CVE-2024-12425 & CVE-2024-12426 require no user interaction beyond opening a malicious document: 👇 https://t.co/vGSKI
@securestep9
18 Feb 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
LibreOffice Vulnerabilities (CVE-2024-12425 & CVE-2024-12426): PoCs Released https://t.co/ehgycwRHSu
@Dinosn
18 Feb 2025
2787 Impressions
14 Retweets
34 Likes
8 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-12425, CVE-2024-12426: LibreOffice Path Traversal https://t.co/6gInUfeAFA 2. CVE-2024-36412: Using XSS filters against XSS filters - Unexpected SQLI/RCE https://t.co/xh9NiHmgqa 3. CVE-2024-42327: Zabbix Privilege Escalation -> RCE https://t.co/jQT6L9XMLy
@ksg93rd
17 Feb 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
LibreOffice CVE-2024-12425: Path traversal leading to arbitrary .ttf file write https://t.co/ndGQTtCZH4 CVE-2024-12426: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables https://t.co/VjegSgQnIw
@autumn_good_35
9 Jan 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12425 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. … https://t.co/oxFrVgSHE7
@CVEnew
7 Jan 2025
461 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes