CVE-2025-10777 is a medium-severity path traversal vulnerability found in the JSC R7 R7-Office Document Server, specifically affecting versions up to 20250820. The vulnerability resides in an unspecified function related to the /downloadas/ file path, where manipulation of the 'cmd' argument can lead to unauthorized path traversal. This flaw allows an attacker to remotely craft requests that traverse directories on the server, potentially accessing files outside the intended directory scope. Although the exact impact on confidentiality and integrity depends on the server's file system permissions and configuration, path traversal vulnerabilities generally risk unauthorized disclosure of sensitive files or server-side information. The vendor has confirmed the vulnerability and released a patch in version 2025.3.1.923, which mitigates the issue by ensuring proper error handling and preventing exploitation. Notably, the vulnerability requires no user interaction and no authentication, increasing its risk profile. However, the attack complexity is low, and the vulnerability does not affect availability directly. The R7-Office Document Server is a fork of OpenOffice, but the OpenOffice team has not been able to reproduce this issue in their codebase, suggesting this vulnerability is specific to the JSC R7 fork. No known exploits are currently reported in the wild.

For European organizations using the JSC R7 R7-Office Document Server, this vulnerability poses a risk of unauthorized access to sensitive files on document servers, potentially exposing confidential business documents or internal configuration files. Given that document servers often handle critical corporate data and collaborative documents, exploitation could lead to data leakage, intellectual property theft, or exposure of credentials and configuration details. The remote and unauthenticated nature of the vulnerability increases the threat, especially for publicly accessible document servers. However, the medium CVSS score and the vendor's indication that exploitation attempts return proper error responses suggest that exploitation may be somewhat limited or detectable. Still, organizations in sectors with high regulatory requirements for data protection (e.g., finance, healthcare, government) could face compliance risks if sensitive data is exposed. The impact on integrity and availability is limited, but confidentiality breaches could have reputational and operational consequences.

European organizations should prioritize upgrading the JSC R7 R7-Office Document Server to version 2025.3.1.923 or later, where the vulnerability is patched. In addition to patching, organizations should implement strict access controls on document server endpoints, especially the /downloadas/ path, to restrict access to trusted users and networks. Deploying web application firewalls (WAFs) with rules to detect and block path traversal patterns in HTTP requests can provide an additional layer of defense. Regularly auditing server logs for unusual access patterns targeting the 'cmd' parameter or the /downloadas/ endpoint can help detect attempted exploitation. Network segmentation to isolate document servers from the broader corporate network reduces the blast radius if exploitation occurs. Finally, organizations should review file system permissions to ensure that the document server process has the minimum necessary privileges, limiting the potential impact of path traversal.