CVE-2025-27791 Information

Description

Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4 23.05.19 and 22.05.25 there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhere the uid running Collabora Online can write if such a response was supplied by a malicious WOPI server. By combining this flaw with a Time of Check Time of Use DNS lookup issue with a WOPI server address under attacker control it is possible to present such a response to be processed by a Collabora Online instance. This issue has been patched in versions 24.04.13.1 23.05.19 and 22.05.25.

Reference

https://github.com/CollaboraOnline/online/security/advisories/GHSA-9j32-gg3j-8w25