Online
CVE-2021-25630
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.
AnalysisAI
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges. Affected products include: Collaboraoffice Online.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing
Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 5.3
Collabora Online is a collaborative online office suite. Rated high severity (CVSS 7.5), this vulnerability is remotely
Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1
Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1
Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1
Collabora Online is a collaborative online office suite. Rated medium severity (CVSS 6.1), this vulnerability is remotel
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today