LibreOffice Improper Certificate Validation Vulnerability Allowing Signature Forgery

Vulnerability

A vulnerability in LibreOffice related to improper certificate validation has been identified, allowing an attacker to manipulate digital signatures on ODF documents. The attacker can self-sign a document with an untrusted signature, then alter it to use an invalid or unknown signature algorithm. LibreOffice erroneously accepts such signatures as valid, presenting them as trusted. This issue affects LibreOffice versions 7.0 prior to 7.0.5 and 7.1 prior to 7.1.1.

Impact

Exploitation of this vulnerability could lead to unauthorized acceptance of manipulated digital signatures, potentially allowing for fraudulent document modifications to be recognized as legitimate.

Remediation

Users can upgrade to LibreOffice versions 7.0.5 or 7.1.1 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.