{"id":8849,"date":"2025-07-24T05:50:18","date_gmt":"2025-07-24T05:50:18","guid":{"rendered":"http:\/\/localhost\/?p=8849"},"modified":"2025-07-24T05:50:18","modified_gmt":"2025-07-24T05:50:18","slug":"onlyoffice-docs-110-220-missing-authorization-to-unauthenticated-privilege-escalation-via-callback-f","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8849","title":{"rendered":"ONLYOFFICE Docs 1.1.0 &#8211; 2.2.0 &#8211; Missing Authorization to Unauthenticated Privilege Escalation via callback Function"},"content":{"rendered":"<div style=\"font-family: Arial, sans-serif; max-width: 1200px; margin: 0 auto;\">\n<h2 style=\"color: #333; border-bottom: 2px solid #cc0000; padding-bottom: 10px;\">CVE Details<\/h2>\n<div style=\"display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: 20px; margin-bottom: 20px;\">\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1);\">\n<h3 style=\"margin-top: 0; \">Basic Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Title<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">ONLYOFFICE Docs 1.1.0 &#8211; 2.2.0 &#8211; Missing Authorization to Unauthenticated Privilege Escalation via callback Function<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Type<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">cve<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Published<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">2025-07-24T09:22:17.749Z<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Modified<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">2025-07-24T09:22:17.749Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1);\">\n<h3 style=\"margin-top: 0; \">Product Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Vendor<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">onlyoffice<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Product<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">ONLYOFFICE Docs<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Version<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">1.1.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); margin-bottom: 20px;\">\n<h3 style=\"margin-top: 0; \">CVSS Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Base Score<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd; color: #cc0000; font-weight: bold;\">9.8 (CRITICAL)<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Attack Vector<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<div style=\"padding: 15px; border-radius: 5px; margin-bottom: 20px;\">\n<h4 style=\"margin-top: 0; \">Affected Products<\/h4>\n<ul style=\"margin: 0; padding-left: 20px;\">\n<li>onlyoffice ONLYOFFICE Docs 1.1.0<\/li>\n<\/ul>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); margin-bottom: 20px;\">\n<h3 style=\"margin-top: 0; \">Additional Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">CWE List<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">CWE-862<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Source<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">Wordfence<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); margin-bottom: 20px;\">\n<h3 style=\"margin-top: 0; \">Description<\/h3>\n<div style=\"padding: 15px; border-left: 4px solid #4CAF50; \">The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its oo.callback REST endpoint in versions 1.1.0 to 2.2.0. The plugin\u2019s permission callback only verifies that the supplied, encrypted attachment ID maps to an existing attachment post, but does not verify the requester\u2019s identity or capabilities. This makes it possible for unauthenticated attackers to log in as an arbitrary user.<\/div>\n<\/div>\n<div style=\"padding: 15px; border-radius: 5px; margin-bottom: 20px;\">\n<h4 style=\"margin-top: 0; \">References<\/h4>\n<ul style=\"margin: 0; padding-left: 20px;\">\n<li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/608b0506-074b-4df3-8c30-57cfb090f553?source=cve\" target=\"_blank\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/608b0506-074b-4df3-8c30-57cfb090f553?source=cve<\/a><\/li>\n<li><a href=\"https:\/\/plugins.trac.wordpress.org\/browser\/onlyoffice\/tags\/2.2.0\/public\/views\/class-onlyoffice-plugin-callback.php#L57\" target=\"_blank\">https:\/\/plugins.trac.wordpress.org\/browser\/onlyoffice\/tags\/2.2.0\/public\/views\/class-onlyoffice-plugin-callback.php#L57<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/onlyoffice\/#developers\" target=\"_blank\">https:\/\/wordpress.org\/plugins\/onlyoffice\/#developers<\/a><\/li>\n<li><a href=\"https:\/\/plugins.trac.wordpress.org\/browser\/onlyoffice\/tags\/2.2.0\/public\/class-onlyoffice-plugin-public.php#L111\" target=\"_blank\">https:\/\/plugins.trac.wordpress.org\/browser\/onlyoffice\/tags\/2.2.0\/public\/class-onlyoffice-plugin-public.php#L111<\/a><\/li>\n<\/ul>\n<\/div>\n<div style=\"text-align: center; margin-top: 30px;\">\n<a href=\"\" target=\"_blank\" style=\"display: inline-block; background-color: #4CAF50; color: white; padding: 12px 24px; text-decoration: none; border-radius: 4px; font-weight: bold; transition: background-color 0.3s;\">View Full CVE Details<\/a>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>CVE Details Basic Information Title ONLYOFFICE Docs 1.1.0 &#8211; 2.2.0 &#8211; Missing Authorization to Unauthenticated Privilege Escalation via callback Function Type cve Published 2025-07-24T09:22:17.749Z Modified&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,35,12,13,7,11,5],"class_list":["post-8849","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=8849\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function - zero redgem\" \/>\n<meta property=\"og:description\" content=\"CVE Details Basic Information Title ONLYOFFICE Docs 1.1.0 &#8211; 2.2.0 &#8211; Missing Authorization to Unauthenticated Privilege Escalation via callback Function Type cve Published 2025-07-24T09:22:17.749Z Modified...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=8849\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-24T05:50:18+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8849#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8849\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"ONLYOFFICE Docs 1.1.0 &#8211; 2.2.0 &#8211; Missing Authorization to Unauthenticated Privilege Escalation via callback Function\",\"datePublished\":\"2025-07-24T05:50:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8849\"},\"wordCount\":209,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.8\",\"exploit\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=8849#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8849\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8849\",\"name\":\"ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-07-24T05:50:18+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8849#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=8849\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8849#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ONLYOFFICE Docs 1.1.0 &#8211; 2.2.0 &#8211; Missing Authorization to Unauthenticated Privilege Escalation via callback Function\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=8849","og_locale":"en_US","og_type":"article","og_title":"ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function - zero redgem","og_description":"CVE Details Basic Information Title ONLYOFFICE Docs 1.1.0 &#8211; 2.2.0 &#8211; Missing Authorization to Unauthenticated Privilege Escalation via callback Function Type cve Published 2025-07-24T09:22:17.749Z Modified...","og_url":"https:\/\/zero.redgem.net\/?p=8849","og_site_name":"zero redgem","article_published_time":"2025-07-24T05:50:18+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=8849#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=8849"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"ONLYOFFICE Docs 1.1.0 &#8211; 2.2.0 &#8211; Missing Authorization to Unauthenticated Privilege Escalation via callback Function","datePublished":"2025-07-24T05:50:18+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=8849"},"wordCount":209,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.8","exploit","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=8849#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=8849","url":"https:\/\/zero.redgem.net\/?p=8849","name":"ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-07-24T05:50:18+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=8849#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=8849"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=8849#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"ONLYOFFICE Docs 1.1.0 &#8211; 2.2.0 &#8211; Missing Authorization to Unauthenticated Privilege Escalation via callback Function"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/8849","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8849"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/8849\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8849"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8849"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8849"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}