High severityNVD Advisory· Published Apr 15, 2025· Updated Apr 15, 2026

CVE-2025-27791

Description

Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhere the uid running Collabora Online can write, if such a response was supplied by a malicious WOPI server. By combining this flaw with a Time of Check, Time of Use DNS lookup issue with a WOPI server address under attacker control, it is possible to present such a response to be processed by a Collabora Online instance. This issue has been patched in versions 24.04.13.1, 23.05.19, and 22.05.25.

Patches

3dc280be5376

https://github.com/collaboraonline/onlinevia osv

2bd4bb0f65d7

https://github.com/collaboraonline/onlinevia osv

bb42bcbd2aac

https://github.com/collaboraonline/onlinevia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/CollaboraOnline/online/security/advisories/GHSA-9j32-gg3j-8w25nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000