VDB
CVE-2021-25635
CVE-2021-25635
REJECTED
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1.
EPSS 0.04% · 14.2th percentile
Risk Scores
EPSS Score
0.04%
14.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | libreoffice | 0 |
Timeline
- Mar 21, 2025 CVE Published
- Mar 21, 2025 CVE Updated
- Mar 22, 2025 EPSS Score
- Apr 4, 2025 EPSS Score
- Apr 18, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 14, 2025 EPSS Score
- May 27, 2025 EPSS Score
- Jun 10, 2025 EPSS Score
- Jun 23, 2025 EPSS Score
- Jul 6, 2025 EPSS Score
- Jul 19, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-25635 third-party-advisory
- https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25635 third-party-advisory
- https://www.openwall.com/lists/oss-security/2021/10/11/3 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-25635 third-party-advisory