Path Traversal in Collaboraonline Online

CVE-2025-27791

Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from…

EPSS: 0.012 (78.9th percentile) — read the EPSS interpretation.

Affected products

Collaboraonline Online — versions >= 24.04.1.1, < 24.04.13.1, >= 23.05.0, < 23.05.19, < 22.05.25

Weakness classification (CWE)

CWE-23 — Relative Path Traversal

References

https://github.com/CollaboraOnline/online/security/advisories/GHSA-9j32-gg3j-8w25 (x_refsource_CONFIRM)