CNNVD-202511-1853 Information

CNNVD ID

CNNVD-202511-1853

Related CVE

CVE-2025-64766

• CNNVD Published: 2025-11-17

Description (Chinese)

ONLYOFFICE Docs是ONLYOFFICE公司的一款在线办公软件。 ONLYOFFICE Docs 22.11版本至25.05之前版本和25.11之前版本存在信任管理问题漏洞，该漏洞源于使用了硬编码密钥保护文件缓存，可能导致访问已知文档。

Description (English)

ONLYOFICE Docs is an online office software for ONLYOFFICE. OLYOFFICE Docs 22.11 to 25.05 and 25.11 have trust management management gaps, which stem from the use of hard-coded key-protected file caches that may lead to access to known documents.

Hazard Level

High

Vulnerability Type

信任管理问题

Affected Vendor

ONLYOFFICE

Published

2025-11-17

Last Modified

2026-02-24

References

https://github.com/NixOS/nixpkgs/pull/462204 https://github.com/NixOS/nixpkgs/commit/cec38dec00df26a901eb8b424d53bbb3bcc72eec https://github.com/NixOS/nixpkgs/commit/8e74d05e3de4ee5ad320cd585a7e0f12a4730869 https://github.com/NixOS/nixpkgs/pull/462100 https://github.com/NixOS/nixpkgs/security/advisories/GHSA-58m4-5wg3-5g5v https://access.redhat.com/security/cve/cve-2025-64766

Patch

https://nixos.org/download/