{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-12425", "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "state": "PUBLISHED", "assignerShortName": "Document Fdn.", "dateReserved": "2024-12-10T16:37:20.903Z", "datePublished": "2025-01-07T11:15:08.251Z", "dateUpdated": "2025-11-03T20:36:38.438Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [{"lessThan": "< 24.8.4", "status": "affected", "version": "24.8", "versionType": "24.8 series"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Thomas Rinsma of Codean Labs"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.</div><div><br></div><div>An attacker can write to arbitrary locations, albeit suffixed with \".ttf\", by supplying a file in a format that supports embedded font files.<br></div><p>This issue affects LibreOffice: from 24.8 before &lt; 24.8.4.</p>"}], "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.\n\n\n\n\nAn attacker can write to arbitrary locations, albeit suffixed with \".ttf\", by supplying a file in a format that supports embedded font files.\n\n\nThis issue affects LibreOffice: from 24.8 before < 24.8.4."}], "impacts": [{"capecId": "CAPEC-597", "descriptions": [{"lang": "en", "value": "CAPEC-597 Absolute Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 2.4, "baseSeverity": "LOW", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn.", "dateUpdated": "2025-01-07T11:15:08.251Z"}, "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425"}], "source": {"discovery": "EXTERNAL"}, "title": "Path traversal leading to arbitrary .ttf file write", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-07T14:16:49.139137Z", "id": "CVE-2024-12425", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-07T14:17:01.599Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00013.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:36:38.438Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00013.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:36:38.438Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12425", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-07T14:16:49.139137Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-07T14:16:58.024Z"}}], "cna": {"title": "Path traversal leading to arbitrary .ttf file write", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Thomas Rinsma of Codean Labs"}], "impacts": [{"capecId": "CAPEC-597", "descriptions": [{"lang": "en", "value": "CAPEC-597 Absolute Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "The Document Foundation", "product": "LibreOffice", "versions": [{"status": "affected", "version": "24.8", "lessThan": "< 24.8.4", "versionType": "24.8 series"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.\n\n\n\n\nAn attacker can write to arbitrary locations, albeit suffixed with \".ttf\", by supplying a file in a format that supports embedded font files.\n\n\nThis issue affects LibreOffice: from 24.8 before < 24.8.4.", "supportingMedia": [{"type": "text/html", "value": "<div>Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.</div><div><br></div><div>An attacker can write to arbitrary locations, albeit suffixed with \".ttf\", by supplying a file in a format that supports embedded font files.<br></div><p>This issue affects LibreOffice: from 24.8 before &lt; 24.8.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn.", "dateUpdated": "2025-01-07T11:15:08.251Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12425", "state": "PUBLISHED", "dateUpdated": "2025-11-03T20:36:38.438Z", "dateReserved": "2024-12-10T16:37:20.903Z", "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "datePublished": "2025-01-07T11:15:08.251Z", "assignerShortName": "Document Fdn."}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "37BC991A-5F4D-48F2-B10A-1BFB7DD027C6", "versionEndExcluding": "24.8.4", "versionStartIncluding": "24.8.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:24.8.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "910F0BB3-ECA0-4338-B67B-A9BBD6FFDCB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:24.8.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "7A1C6BCA-6638-4925-A32B-217282923645", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.\n\n\n\n\nAn attacker can write to arbitrary locations, albeit suffixed with \".ttf\", by supplying a file in a format that supports embedded font files.\n\n\nThis issue affects LibreOffice: from 24.8 before < 24.8.4."}, {"lang": "es", "value": "La vulnerabilidad de limitaci\u00f3n incorrecta de una ruta de acceso a un directorio restringido ('Path Traversal') en The Document Foundation LibreOffice permite un Path Traversal absoluto. Un atacante puede escribir en ubicaciones arbitrarias, aunque tengan el sufijo \".ttf\", proporcionando un archivo en un formato que admita archivos de fuentes incrustados. Este problema afecta a LibreOffice: desde la versi\u00f3n 24.8 hasta la versi\u00f3n &lt; 24.8.4."}], "id": "CVE-2024-12425", "lastModified": "2025-12-08T18:38:59.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@documentfoundation.org", "type": "Secondary"}]}, "published": "2025-01-07T12:15:24.183", "references": [{"source": "security@documentfoundation.org", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00013.html"}], "sourceIdentifier": "security@documentfoundation.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@documentfoundation.org", "type": "Secondary"}]}

{"bugzilla": {"description": "LibreOffice: Path traversal leading to arbitrary .ttf file write", "id": "2336110", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336110"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-22", "details": ["Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.\nAn attacker can write to arbitrary locations, albeit suffixed with \".ttf\", by supplying a file in a format that supports embedded font files.\nThis issue affects LibreOffice: from 24.8 before < 24.8.4.", "A flaw was found in LibreOffice. This vulnerability can allow an attacker to write to arbitrary locations on the file system suffixed with \".ttf\" via a specially crafted file that supports embedded font files."], "name": "CVE-2024-12425", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-07T11:15:08Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-12425\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-12425\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2024-12425"], "threat_severity": "Low"}

{"created": "2025-07-12T22:00:52.542850+00:00", "updated": "2025-07-12T22:00:52.542911+00:00", "vendors": ["the_document_foundation", "the_document_foundation$PRODUCT$libreoffice"]}