{"id":"CVE-2025-2866","details":"Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.\n\nIn the affected versions of LibreOffice, a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid.\n\nThis issue affects LibreOffice: from 24.8 before 24.8.6, from 25.2 before 25.2.2.","modified":"2026-04-16T04:41:35.838474259Z","published":"2025-04-27T19:15:15.137Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00002.html"},{"type":"ADVISORY","url":"https://www.libreoffice.org/about-us/security/advisories/cve-2025-2866"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libreoffice/core","events":[{"introduced":"0"},{"last_affected":"a17e39caaf73108bee692d6f64a44c62f4066f1d"},{"introduced":"0"},{"last_affected":"318462181c709ed29c01eb3239b4d600d7b82ecc"},{"introduced":"0"},{"last_affected":"e3a80ef423457e6634be97665732b2181c944d4c"},{"introduced":"0"},{"last_affected":"5a5fc103cad77dc243b7e54511502054c12c121c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"24.8.0.0-alpha1"},{"introduced":"0"},{"last_affected":"24.8.0.0-beta1"},{"introduced":"0"},{"last_affected":"25.2.0.0-alpha1"},{"introduced":"0"},{"last_affected":"25.2.0.0-beta1"}]}}],"versions":["MELD_LIBREOFFICE_REPOS","gpg4libre-review-5.4.99","libreoffice-24-2-branch-point","libreoffice-24-8-branch-point","libreoffice-24.8.0.0.alpha1","libreoffice-24.8.0.0.beta1","libreoffice-25-2-branch-point","libreoffice-25.2.0.0.alpha1","libreoffice-25.2.0.0.beta1","libreoffice-3-5-branch-point","libreoffice-3-6-branch-point","libreoffice-3.5.0.0","libreoffice-4-0-branch-point","libreoffice-4-1-branch-point","libreoffice-4-2-branch-point","libreoffice-4-2-milestone-1","libreoffice-4-3-branch-point","libreoffice-4-4-branch-point","libreoffice-5-0-branch-point","libreoffice-5-1-branch-point"
,"libreoffice-5-2-branch-point","libreoffice-5-3-branch-point","libreoffice-5-4-branch-point","libreoffice-6-0-branch-point","libreoffice-6-1-branch-point","libreoffice-6-2-branch-point","libreoffice-6-3-branch-point","libreoffice-6-4-branch-point","libreoffice-7-0-branch-point","libreoffice-7-1-branch-point","libreoffice-7-2-branch-point","libreoffice-7-3-branch-point","libreoffice-7-4-branch-point","libreoffice-7-5-branch-point","libreoffice-7-6-branch-point","sdremote-2.0.0","windows_build_successful_2011_11_08"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"24.8.0.1"},{"fixed":"24.8.6.0"}]},{"events":[{"introduced":"25.2.0.1"},{"fixed":"25.2.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2866.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}