LibreOffice TCC Bypass Vulnerability in Bundled Python Interpreter on macOS

Vulnerability

A vulnerability allowing authentication bypass has been identified in LibreOffice on macOS, specifically in versions 25.2 prior to 25.2.4. The issue arises because the application includes a Python interpreter that inherits Transparency, Consent, and Control (TCC) permissions granted to the main application bundle. This allows scripts executed by the interpreter to run with the application's TCC privileges, creating a potential security risk. In versions 25.2.4 and later, this vulnerability is addressed by implementing parent-constraints that restrict TCC permission access to the main application only.

Impact

Exploitation of this vulnerability allows scripts to be executed with the application's TCC privileges, potentially leading to unauthorized access or manipulation of user data and settings.

Remediation

Users are advised to upgrade to LibreOffice version 25.2.4 or later to address this vulnerability.
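
To audit a Mac against the fixed release named above, the sketch below reads the installed bundle's version and classifies it. It is an added example, not code from LibreOffice or from this advisory. It assumes the default install path /Applications/LibreOffice.app and that the bundle's CFBundleShortVersionString holds the dotted LibreOffice version. Releases outside the 25.2 series are reported as "not-covered" because the advisory gives no status for them.

```python
import plistlib
import re
from pathlib import Path

# Assumption: default install location; change this for non-standard deployments.
DEFAULT_PLIST = Path("/Applications/LibreOffice.app/Contents/Info.plist")

AFFECTED_BRANCH = (25, 2)    # advisory: versions 25.2 ...
FIXED_VERSION = (25, 2, 4)   # advisory: ... prior to 25.2.4


def parse_version(text):
    """Turn '25.2.3.2' into (25, 2, 3, 2); None if it is not dotted digits."""
    if not isinstance(text, str) or not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    return tuple(int(part) for part in text.strip().split("."))


def classify(version):
    """Map a version tuple onto the advisory's affected range."""
    if version is None:
        return "unknown"
    padded = version + (0,) * (3 - len(version))  # treat '25.2' as 25.2.0
    if padded[:2] != AFFECTED_BRANCH:
        return "not-covered"  # the advisory makes no statement about this series
    return "affected" if padded[:3] < FIXED_VERSION else "fixed"


def check_plist_bytes(data):
    """Return (raw_version, status) for the contents of an Info.plist."""
    try:
        info = plistlib.loads(data)
    except Exception:  # malformed XML or binary plist
        return (None, "unknown")
    raw = info.get("CFBundleShortVersionString") if isinstance(info, dict) else None
    return (raw, classify(parse_version(raw)))


def check_install(path=DEFAULT_PLIST):
    """Check the Info.plist at `path`; a missing file means no install there."""
    try:
        return check_plist_bytes(Path(path).read_bytes())
    except OSError:
        return (None, "not-installed")


if __name__ == "__main__":
    raw, status = check_install()
    print(f"LibreOffice version={raw} status={status}")
```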

Added: Dec 15, 2025, 11:19 AM
Updated: Dec 15, 2025, 7:04 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 4.7
remediation: 7.7
relevance: 1.5
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.