
CVE-2025-2866: CWE-347 Improper Verification of Cryptographic Signature in The Document Foundation LibreOffice

Severity: Low
Type: Vulnerability
Tags: CVE-2025-2866, CWE-347
Published: Sun Apr 27 2025 (04/27/2025, 19:04:52 UTC)
Source: CVE
Vendor/Project: The Document Foundation
Product: LibreOffice

Description

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice, a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid. This issue affects LibreOffice: from 24.8 before 24.8.6, from 25.2 before 25.2.2.

AI-Powered Analysis

AI analysis last updated: 11/04/2025, 02:31:28 UTC

Technical Analysis

CVE-2025-2866 is a cryptographic signature verification vulnerability in LibreOffice, specifically impacting the handling of adbe.pkcs7.sha1 signatures within PDF documents. The flaw is due to improper validation logic that can cause LibreOffice to accept invalid cryptographic signatures as valid, enabling an attacker to spoof PDF signatures. This undermines the trust model for digitally signed PDFs, potentially allowing malicious actors to present forged documents as legitimately signed. The vulnerability affects LibreOffice versions starting from 24.8 up to but not including 24.8.6, and from 25.2 up to but not including 25.2.2. Exploitation requires local access with low privileges and user interaction, such as opening a maliciously crafted PDF file. The CVSS 4.0 base score is 2.4, reflecting low severity due to limited impact and exploitation complexity. No known exploits have been reported in the wild, and no patches are linked in the provided data, but updates to fixed versions are recommended. The issue relates to CWE-347, which concerns improper verification of cryptographic signatures, a critical aspect of document security and authenticity verification.

Potential Impact

For European organizations, the primary impact is the potential for attackers to deceive users by presenting forged PDF documents that appear to have valid digital signatures. This can undermine trust in official documents, contracts, or communications, potentially leading to misinformation, fraud, or unauthorized actions based on spoofed documents. While the vulnerability does not directly compromise system confidentiality, integrity, or availability, it affects the integrity and authenticity of signed documents, which can have legal and operational consequences. Organizations relying heavily on LibreOffice for document handling, especially in regulated sectors such as government, legal, and finance, may face increased risk of document forgery attacks. The low severity and requirement for user interaction limit widespread exploitation, but targeted attacks against high-value targets remain a concern.

Mitigation Recommendations

1. Immediately update LibreOffice installations to versions 24.8.6 or later and 25.2.2 or later, where the vulnerability is fixed.
2. Implement strict document handling policies that include verifying digital signatures using multiple tools or trusted external validators beyond LibreOffice's built-in verification.
3. Educate users about the risks of opening PDF documents from untrusted sources and encourage skepticism of unexpected signed documents.
4. Employ endpoint security solutions that can detect and block malicious PDF files or suspicious document manipulations.
5. For critical workflows, consider integrating cryptographic signature verification tools that adhere to stricter validation standards.
6. Monitor security advisories from The Document Foundation and related cybersecurity entities for updates or exploit reports.
7. Restrict local user privileges where possible to reduce the risk of exploitation requiring local access.
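Recommendation 1 is easiest to act on at fleet scale when the affected ranges in the advisory (24.8 up to but not including 24.8.6, 25.2 up to but not including 25.2.2) are encoded once and applied to the version strings collected from endpoints. The script below is an added example, not code from LibreOffice, The Document Foundation or this site; it assumes version strings either bare ("24.8.5") or embedded in a line such as the one `soffice --version` prints, which is an assumption about that output format. It also generalizes the per-range comparison to versions with more or fewer dotted components than the advisory bounds.

```python
"""Check LibreOffice version strings against the affected ranges of CVE-2025-2866.

Added example for this advisory; not LibreOffice's or the advisory site's code.
Ranges come straight from the advisory text: [24.8, 24.8.6) and [25.2, 25.2.2).
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]

# (first affected version, first fixed version) pairs from the advisory.
AFFECTED_RANGES = (
    ((24, 8), (24, 8, 6)),
    ((25, 2), (25, 2, 2)),
)


def parse_version(text: str) -> Version:
    """Pull the first dotted numeric version out of a string.

    Accepts a bare '24.8.5' or a full line like
    'LibreOffice 24.8.5.2 <build id>' (assumed `soffice --version` layout).
    """
    match = re.search(r"\b(\d+(?:\.\d+)+)\b", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def _pad(version: Version, length: int) -> Version:
    """Right-pad with zeros so 24.8 and 24.8.0.0 compare as equal."""
    return tuple(version) + (0,) * (length - len(version))


def fixed_version_for(text: str) -> Optional[str]:
    """Return the first fixed version to upgrade to, or None if not affected."""
    version = parse_version(text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        width = max(len(version), len(first_affected), len(first_fixed))
        if _pad(first_affected, width) <= _pad(version, width) < _pad(first_fixed, width):
            return ".".join(str(n) for n in first_fixed)
    return None


def is_affected(text: str) -> bool:
    return fixed_version_for(text) is not None


if __name__ == "__main__":
    # Constructed sample inventory lines (host, reported version string).
    inventory = [
        ("ws-01", "LibreOffice 24.8.5.2 0000000000000000000000000000000000000000"),
        ("ws-02", "LibreOffice 24.8.6.1 0000000000000000000000000000000000000000"),
        ("ws-03", "LibreOffice 25.2.1.2 0000000000000000000000000000000000000000"),
        ("ws-04", "LibreOffice 7.6.4.1 0000000000000000000000000000000000000000"),
    ]
    for host, line in inventory:
        target = fixed_version_for(line)
        status = f"AFFECTED, upgrade to {target}" if target else "not in affected range"
        print(f"{host}: {status}")
```

Versions outside both ranges (for example 24.2 or 7.6) return "not affected" only in the sense that this advisory does not list them; they may still be unsupported or subject to other advisories.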


Technical Details

Data Version: 5.1
Assigner Short Name: Document Fdn.
Date Reserved: 2025-03-27T11:22:16.241Z
CISA Enriched: true
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 682d983ec4522896dcbef9af

Added to database: 5/21/2025, 9:09:18 AM

Last enriched: 11/4/2025, 2:31:28 AM

Last updated: 11/22/2025, 4:44:04 PM