CNNVD-202512-348 Information
CNNVD ID
CNNVD-202512-348
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
Collabora Online是英国Collabora公司的一个应用软件。一个强大的基于 LibreOffice 的在线办公室,支持所有主要的文档、电子表格和演示文件格式。 Collabora Online 25.04.702之前版本存在操作系统命令注入漏洞,该漏洞源于richdocumentscode代理存在OS命令注入,可能导致远程代码执行。
Description (English)
Collabora Online is an application of the British company Collabora. A strong LibreOffice-based online office to support all major documents, spreadsheets and presentation file formats. Collabora Online 25.04.702 has an operational system command-injection loophole, which originates from an OS-injection of the richdocumentscode agent, which may lead to remote code enforcement.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
Collabora
Published
2025-12-03
Last Modified
2026-02-24
References
https://github.com/CollaboraOnline/online/security/advisories/GHSA-j3q6-q5pc-v5wf https://access.redhat.com/security/cve/cve-2025-66208
Patch
https://github.com/CollaboraOnline/online/releases
Share on: