CVE-2025-14714

EUVD-2025-203361

15.12.2025, 11:15

An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle

By executing the bundled interpreter directly the attacker's scripts run with the application's TCC privileges

In fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions

This issue affects LibreOffice on macOS: from 25.2 before < 25.2.4.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Affected Products (NVD)

Vendor	Product	Version
libreoffice	libreoffice	25.2.0.1 ≤ 𝑥 < 25.2.4.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libreoffice

bookworm	4:7.4.7-1+deb12u10 fixed
bookworm (security)	4:7.4.7-1+deb12u8 fixed
bullseye	1:7.0.4-4+deb11u10 fixed
bullseye (security)	1:7.0.4-4+deb11u13 fixed
forky	4:26.2.0-1 fixed
sid	4:26.2.0-1 fixed
trixie	4:25.2.3-2+deb13u3 fixed

Ubuntu Releases

Ubuntu Product

Codename

libreoffice

focal	not-affected
jammy	not-affected
noble	not-affected
plucky	not-affected
questing	not-affected

Common Weakness Enumeration

CWE-288 - Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References

https://www.libreoffice.org/about-us/security/advisories/cve-2025-14714