How severe is CVE-2021-25636?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-25636?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2021-25636

HIGH Year: 2021

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-347

View all →

Vulnerability Description

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

CVE-2002-1706

HIGH

CVSS:7.5(High)

Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) ...

CWE-3472002

CVE-2005-2181

HIGH

CVSS:7.5(High)

Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such...

CWE-3472005

CVE-2005-2182

HIGH

CVSS:7.5(High)

Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoo...

CWE-3472005

CVE-2015-7336

HIGH

CVSS:7.5(High)

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and pr...

CWE-3472015

CVE-2016-1000338

HIGH

CVSS:7.5(High)

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up th...

CWE-3472016

CVE-2016-1000342

HIGH

CVSS:7.5(High)

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up ...

CWE-3472016

CVE-2021-25636

Vulnerability Description

Related Vulnerabilities

CVE-2002-1706

CVE-2005-2181

CVE-2005-2182

CVE-2015-7336

CVE-2016-1000338

CVE-2016-1000342