CVE-2021-25831
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote code execution on DocumentServer.
Se encontró un problema de manejo de extensiones de archivo en el módulo [core] de ONLYOFFICE DocumentServer versiones v4.0.0-9-v5.6.3. Un atacante debe pedir la conversión del archivo diseñado de PPTT a formato PPTX. Al Usar la cadena de otros dos bugs relacionados con el manejo inapropiado de cadenas, un atacante remoto puede obtener una ejecución de código remota en DocumentServer
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-22 CVE Reserved
- 2021-03-01 CVE Published
- 2024-07-04 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://github.com/ONLYOFFICE/DocumentServer | Product |
URL | Date | SRC |
---|---|---|
https://github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25831 | 2024-08-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Onlyoffice Search vendor "Onlyoffice" | Document Server Search vendor "Onlyoffice" for product "Document Server" | >= 4.0.0-9 <= 5.6.3 Search vendor "Onlyoffice" for product "Document Server" and version " >= 4.0.0-9 <= 5.6.3" | - |
Affected
|