Bug 2358619 (CVE-2025-31672)
| Summary: | CVE-2025-31672 org.apache.poi/poi-ooxml: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | adupliak, asoldano, bbaranow, bmaxwell, brian.stansberry, cdewolf, chfoley, cmiranda, darran.lofthouse, dhanak, dkreling, dosoudil, ecerquei, eric.wittmann, fjuma, gmalinko, ibek, istudens, ivassile, iweiss, janstey, jcantril, jrokos, jscholz, kverlaen, lgao, mnovotny, mosmerov, msochure, msvehla, nipatil, nwallace, pantinor, pcongius, pdelbell, periklis, pesilva, pjindal, pmackay, porcelli, rguimara, rkubis, rojacob, rstancel, rstepani, smaestri, swoodman, tom.jenkinson |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in Apache POI's poi-ooxml component. This vulnerability allows attackers to manipulate file parsing behavior via specially crafted OOXML files containing ZIP entries with duplicate file names. Different systems can interpret these files differently, leading to inconsistent data processing or security issues. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
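
The Doc Text above describes OOXML packages whose underlying ZIP has repeated entry names. As an added example (not from this bug report or from Apache POI), the following pre-parse check rejects such a package before it reaches a parser; the function names and the sample packages are assumptions made for illustration, and the check covers exact name matches in the central directory only.

```python
import io
import warnings
import zipfile
from collections import Counter


def duplicate_entry_names(data: bytes) -> list[str]:
    """Return entry names that occur more than once in the ZIP central directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # infolist() keeps one ZipInfo per central-directory record, so
        # repeated names stay visible here; name-keyed lookups would
        # silently keep only one of them.
        counts = Counter(info.filename for info in zf.infolist())
    return sorted(name for name, n in counts.items() if n > 1)


def is_safe_to_parse(data: bytes) -> bool:
    """Gate for an intake pipeline: refuse packages with ambiguous entries."""
    try:
        return not duplicate_entry_names(data)
    except zipfile.BadZipFile:
        return False  # not a readable ZIP, so not a valid OOXML package


def build_sample(parts: list[tuple[str, bytes]]) -> bytes:
    """Build a constructed in-memory package from (name, content) pairs."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile emits a UserWarning when a name is written twice.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            for name, content in parts:
                zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples, not real documents.
CLEAN = build_sample([
    ("[Content_Types].xml", b"<Types/>"),
    ("xl/workbook.xml", b"<workbook/>"),
])
AMBIGUOUS = build_sample([
    ("xl/workbook.xml", b"<workbook>A</workbook>"),
    ("xl/workbook.xml", b"<workbook>B</workbook>"),
])

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("ambiguous", AMBIGUOUS)):
        print(label, is_safe_to_parse(blob), duplicate_entry_names(blob))
```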
Description
OSIDB Bzimport
2025-04-09 13:01:10 UTC
|