{
  "threat_severity" : "Low",
  "public_date" : "2025-04-27T19:04:52Z",
  "bugzilla" : {
    "description" : "LibreOffice: PDF signature forgery with adbe.pkcs7.sha1 SubFilter",
    "id" : "2362574",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2362574"
  },
  "cvss3" : {
    "cvss3_base_score" : "2.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-347",
  "details" : [ "Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.\nIn the affected versions of LibreOffice, a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid.\nThis issue affects LibreOffice: from 24.8 before 24.8.6, from 25.2 before 25.2.2.", "A flaw was found in LibreOffice related to cryptographic signature verification in PDFs. This vulnerability allows attackers to spoof digital signatures, possibly leading to misleading or falsified documents and potentially affecting trust in digitally signed PDFs." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "libreoffice",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "libreoffice",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "libreoffice",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "libreoffice",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-2866\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-2866\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2025-2866" ],
  "name" : "CVE-2025-2866",
  "mitigation" : {
    "value" : "Users should apply security updates to mitigate the risk.",
    "lang" : "en:us"
  },
  "csaw" : false
}