Unrated severityNVD Advisory· Published Apr 27, 2025· Updated Nov 3, 2025

PDF signature forgery with adbe.pkcs7.sha1 SubFilter

CVE-2025-2866

Description

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.

In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid

This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before < 25.2.2.

Affected products

Libreoffice/Libreofficellm-fuzzy
Range: >=24.8, <24.8.6; >=25.2, <25.2.2
The Document Foundation/Libreoffice Onlinecpe-rescue
Range: 24.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.libreoffice.org/about-us/security/advisories/cve-2025-2866mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000