Lucene search

CVE-2021-25831

🗓️ 01 Mar 2021 16:14:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 29 Views

A file extension handling issue in ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3 allows remote code execution

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
NVD	CVE-2021-25831	1 Mar 202116:15	–	nvd
Prion	Design/Logic Flaw	1 Mar 202116:15	–	prion
Cvelist	CVE-2021-25831	1 Mar 202115:08	–	cvelist
CNVD	ONLYOFFICE Document Server File Extension Handling Vulnerability (CNVD-2021-17248)	2 Mar 202100:00	–	cnvd
OSV	CVE-2021-25831	1 Mar 202116:15	–	osv
Check Point Advisories	ONLYOFFICE DocumentServer Remote Code Execution (CVE-2021-25831; CVE-2021-25830; CVE-2021-25833)	28 Mar 202100:00	–	checkpoint_advisories

Nvd

Node

onlyoffice document_serverRange4.0.0-9–5.6.3

Source	Link
github	www.github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/Editor/BinaryFileReaderWriter.cpp
github	www.github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/Editor/BinaryFileReaderWriter.cpp
github	www.github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25831
github	www.github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/PPTXFormat/Logic/Fills/BlipFill.cpp
github	www.github.com/ONLYOFFICE/DocumentServer
github	www.github.com/ONLYOFFICE/core

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Mar 2021 16:15Current

9.7High risk

Vulners AI Score9.7

CVSS27.5

CVSS39.8

EPSS0.03615