
CVE-2025-29867: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in Hancom Inc. Hancom Office 2018

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-29867, cwe-843
Published: Wed Feb 04 2026 (02/04/2026, 04:46:55 UTC)
Source: CVE Database V5
Vendor/Project: Hancom Inc.
Product: Hancom Office 2018

Description

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection. This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050.

AI-Powered Analysis

Last updated: 02/04/2026, 05:30:19 UTC

Technical Analysis

CVE-2025-29867 is a type confusion vulnerability (CWE-843) identified in Hancom Inc.'s Hancom Office suite versions 2018 through 2024 prior to specific patch levels. Type confusion occurs when a program accesses a resource using an incompatible type, leading to unexpected behavior. In this case, the vulnerability enables file content injection, which can allow an attacker to manipulate or inject malicious content into files processed by the application. The vulnerability is exploitable locally (Attack Vector: Local) and requires user interaction (UI:P), but does not require privileges or authentication, so an attacker only needs to trick a user into opening a crafted file. The CVSS 4.0 vector indicates high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H), meaning successful exploitation could lead to full compromise of data and system stability. The vulnerability affects multiple versions of Hancom Office, a popular office productivity suite especially in South Korea and parts of Asia, but also used in some European organizations. No patches were linked in the provided data, but affected versions are clearly identified, indicating that the vendor likely has released or will release fixes. No known exploits in the wild have been reported yet, but the high CVSS score suggests that exploitation could be severe if weaponized. Exploitation involves tricking a user into opening a malicious file, which then triggers the type confusion bug to inject or manipulate file content, potentially leading to code execution or data corruption.

Potential Impact

For European organizations, the impact of CVE-2025-29867 can be significant, especially for those relying on Hancom Office for document processing. Successful exploitation could lead to unauthorized modification or injection of malicious content into documents, potentially enabling further malware execution, data leakage, or disruption of business operations. Confidentiality is at risk if sensitive documents are altered or exfiltrated. Integrity is compromised due to unauthorized file content injection, which can undermine trust in document authenticity. Availability may also be affected if the injected content leads to application crashes or system instability. Organizations in sectors such as government, finance, legal, and critical infrastructure that handle sensitive documents are particularly vulnerable. The requirement for local access and user interaction limits remote exploitation but does not eliminate risk, especially in environments where users frequently exchange files or use removable media. The absence of known exploits in the wild provides a window for proactive mitigation, but the high CVSS score indicates that once exploited, the consequences could be severe.

Mitigation Recommendations

1. Apply patches promptly once Hancom Inc. releases updates for affected versions (2018 before 10.0.0.12681, 2020 before 11.0.0.8916, 2022 before 12.0.0.4426, 2024 before 13.0.0.3050).
2. Restrict local user permissions to limit the ability to open untrusted files, especially from external sources or removable media.
3. Implement application whitelisting to prevent execution of unauthorized or suspicious files.
4. Educate users on the risks of opening files from unknown or untrusted sources and encourage verification of file origins.
5. Employ endpoint detection and response (EDR) solutions to monitor for anomalous file modifications or injection attempts.
6. Use document sandboxing or isolated environments for opening files from untrusted sources.
7. Regularly audit and monitor file integrity on critical systems to detect unauthorized changes.
8. Limit the use of Hancom Office to trusted environments or consider alternative office suites if patching is delayed.
9. Maintain up-to-date backups to recover from potential data corruption or ransomware scenarios linked to exploitation.
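To act on the patching recommendation, the following added example (not part of the original advisory or any Hancom tooling) triages a software inventory against the fixed builds listed above. It assumes versions are reported as four-part dotted strings and that the inventory is available as `host,version` lines; the hostnames and sample builds are constructed.

```python
import re

# Fixed builds per major version, taken from the advisory text:
# 2018 -> 10.x, 2020 -> 11.x, 2022 -> 12.x, 2024 -> 13.x
FIXED_BUILDS = {
    10: (10, 0, 0, 12681),
    11: (11, 0, 0, 8916),
    12: (12, 0, 0, 4426),
    13: (13, 0, 0, 3050),
}

# Assumption: installed versions are reported as four dotted integers.
VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def classify(version: str) -> str:
    """Return 'vulnerable', 'patched', 'unlisted' or 'unparseable'."""
    version = version.strip()
    if not VERSION_RE.match(version):
        return "unparseable"
    # Compare as integer tuples: a string compare would rank 8916 above 12681.
    parts = tuple(int(p) for p in version.split("."))
    fixed = FIXED_BUILDS.get(parts[0])
    if fixed is None:
        # Major version not covered by the advisory; do not assume it is safe.
        return "unlisted"
    return "vulnerable" if parts < fixed else "patched"

def triage(inventory_csv: str) -> dict:
    """Group hosts by status from 'host,version' lines."""
    report = {}
    for line in inventory_csv.strip().splitlines():
        host, _, version = line.partition(",")
        report.setdefault(classify(version), []).append(host.strip())
    return report

# Constructed sample inventory (hostnames and builds are made up for illustration).
SAMPLE_INVENTORY = """
ws-001,10.0.0.12680
ws-002,10.0.0.12681
ws-003,11.0.0.8915
ws-004,12.0.0.4426
ws-005,13.0.0.3049
ws-006,9.6.1.100
ws-007,unknown
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts in the `unlisted` and `unparseable` groups need manual review, since the advisory gives no fixed build for them.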


Technical Details

Data Version: 5.2
Assigner Short Name: krcert
Date Reserved: 2025-03-12T07:03:23.441Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6982d5def9fa50a62f6a7ec2

Added to database: 2/4/2026, 5:15:10 AM

Last enriched: 2/4/2026, 5:30:19 AM

Last updated: 2/6/2026, 9:31:46 PM
