{“lastseen”:””,”description”:”An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions\u00a0granted by the user to the main application bundle\\n\\n\\n\\n\\nBy executing the bundled interpreter directly the attacker’s scripts run with the application’s TCC\u00a0privileges\\n\\n\\n\\n\\nIn fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions\\n\\nThis issue affects LibreOffice on macOS: from 25.2 before \\u003c 25.2.4.”,”published”:”2025-12-15T10:30:55.796Z”,”modified”:”2025-12-15T10:30:55.796Z”,”type”:”cve”,”title”:”TCC Bypass via Inherited Permissions in Bundled Interpreter”,”source”:”Document Fdn.”,”references”:”https:\/\/www.libreoffice.org\/about-us\/security\/advisories\/cve-2025-14714″,”id”:”CVE-2025-14714″,”bulletinFamily”:””,”cwe”:[“CWE-288″],”cvelist”:null,”sourceData”:”The Document Foundation LibreOffice 25.2″,”sourceHref”:””,”cvss”:{“score”:0.9,”severity”:”LOW”,”vector”:”CVSS:4.0\/AV:L\/AC:L\/AT:P\/PR:L\/UI:N\/VC:N\/VI:N\/VA:N\/SC:H\/SI:N\/SA:N\/E:U”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”LibreOffice”,”version”:”25.2″,”vendor”:”The Document Foundation”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions\u00a0granted by the user to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,176,12,71,13,7,11,5],"class_list":["post-31115","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-09","tag-exploit","tag-low","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n