CVE-2025-66208

by Fred · 03/12/2025

Collabora Online – Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online – Built-in CODE Server app can be vulnerable to attack via proxy.php and an intermediate reverse proxy. This vulnerability is fixed in 25.04.702.

More information : https://github.com/CollaboraOnline/online/security/advisories/GHSA-j3q6-q5pc-v5wf

CVE-2025-66208

Similar

Recent Posts

Categories

CVE-2025-66208

Share this:

Similar

Recent Posts

Categories

Tags