CVE-2023-25266 : An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authentic

An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code execution (RCE).

Published 2023-02-28 16:15:09

Updated 2023-03-07 22:57:39

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-25266

Docmosis » Tornado
Versions before (<) 2.9.5
cpe:2.3:a:docmosis:tornado:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-25266

EPSS FAQ

0.31%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-25266

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2023-25266

https://resources.docmosis.com/content/documentation/tornado-v2-9-5-release-notes

Tornado (v2.9.5) - Release Notes
Release Notes

CVEs referencing this url
https://frycos.github.io/vulns4free/2023/01/24/0days-united-nations.html

Using 0days to Protect the United Nations | Frycos Security Diary
Exploit;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-25266

Products affected by CVE-2023-25266

Exploit prediction scoring system (EPSS) score for CVE-2023-25266

CVSS scores for CVE-2023-25266

References for CVE-2023-25266