Vulnerability Details CVE-2025-2866
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.
In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid
This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before < 25.2.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.5%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-2866
-
cpe:2.3:a:libreoffice:libreoffice:*
-
cpe:2.3:a:libreoffice:libreoffice:24.8.0.0
-
cpe:2.3:a:libreoffice:libreoffice:24.8.0.1
-
cpe:2.3:a:libreoffice:libreoffice:24.8.0.2
-
cpe:2.3:a:libreoffice:libreoffice:24.8.0.3
-
cpe:2.3:a:libreoffice:libreoffice:24.8.1.1
-
cpe:2.3:a:libreoffice:libreoffice:24.8.1.2
-
cpe:2.3:a:libreoffice:libreoffice:24.8.2.1
-
cpe:2.3:a:libreoffice:libreoffice:24.8.3.1
-
cpe:2.3:a:libreoffice:libreoffice:24.8.3.2
-
cpe:2.3:a:libreoffice:libreoffice:24.8.4.1
-
cpe:2.3:a:libreoffice:libreoffice:24.8.4.2
-
cpe:2.3:a:libreoffice:libreoffice:25.2.0.0