{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T05:25:18.856","vulnerabilities":[{"cve":{"id":"CVE-2025-24796","sourceIdentifier":"security-advisories@github.com","published":"2025-03-06T19:15:26.953","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations controlled by the net.lok_allow configuration option, which by default include the private IP ranges to enable access to the local network. If enabled, macros were allowed run executable binaries. By combining an ability to host executables, typically in the local network, in an allowed accessible location, with a macro enabled Collabora Online, it was then possible to install arbitrary binaries within the jail and execute them. These executables are restricted to the same jail file system and user as the document instance but can be used to bypass the additional limits on what network hosts are accessible and provide more flexibility as a platform for further attempts. This is issue is fixed in 24.04.12.4, 23.05.19, 22.05.25 and later macros."},{"lang":"es","value":"Collabora Online es una suite de oficina colaborativa en línea basada en LibreOffice. El soporte de macros está deshabilitado de manera predeterminada en Collabora Online, pero puede ser habilitado por un administrador. Collabora Online normalmente aloja cada instancia de documento dentro de una cárcel y se le permite descargar contenido desde ubicaciones controladas por la opción de configuración net.lok_allow, que de manera predeterminada incluye los rangos de IP privados para habilitar el acceso a la red local. Si se habilitaba, se permitía que las macros ejecutaran binarios ejecutables. Al combinar la capacidad de alojar ejecutables, generalmente en la red local, en una ubicación accesible permitida, con un Collabora Online con macros habilitadas, fue posible instalar binarios arbitrarios dentro de la cárcel y ejecutarlos. Estos ejecutables están restringidos al mismo sistema de archivos de la cárcel y al mismo usuario que la instancia del documento, pero se pueden usar para eludir los límites adicionales sobre qué hosts de red son accesibles y brindar más flexibilidad como plataforma para intentos posteriores. Este problema se solucionó en las macros 24.04.12.4, 23.05.19, 22.05.25 y posteriores."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://github.com/CollaboraOnline/online/security/advisories/GHSA-4jjq-vgqp-qw45","source":"security-advisories@github.com"}]}}]}