vulnerability
Red Hat: CVE-2025-2866: LibreOffice: PDF signature forgery with adbe.pkcs7.sha1 SubFilter
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:M/Au:N/C:N/I:C/A:N) | Apr 27, 2025 | Jul 9, 2025 | Jul 10, 2025 |
Severity
5
CVSS
(AV:L/AC:M/Au:N/C:N/I:C/A:N)
Published
Apr 27, 2025
Added
Jul 9, 2025
Modified
Jul 10, 2025
Description
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.
In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid
This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before < 25.2.2.
Solution
no-fix-redhat-rpm-package
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.