CVE-2025-2866 Information

Description

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.

In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid

This issue affects LibreOffice: from 24.8 before < 24.8.6 from 25.2 before < 25.2.2.

Reference

https://www.libreoffice.org/about-us/security/advisories/cve-2025-2866