CVE-2025-29867: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in Hancom Inc. Hancom Office 2018
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection. This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050.
AI Analysis
Technical Summary
CVE-2025-29867 is a type confusion vulnerability categorized under CWE-843 that affects Hancom Inc.'s Hancom Office suite versions 2018, 2020, 2022, and 2024 prior to specified build numbers. The vulnerability arises from improper handling of resource types within the software, allowing an attacker to access resources using incompatible types. This flaw enables file content injection, which can lead to arbitrary code execution, data corruption, or unauthorized modification of files. The vulnerability requires local access and user interaction but does not require authentication or elevated privileges, making it a significant risk in environments where users may open malicious files or be tricked into interacting with crafted content. The CVSS 4.0 vector indicates low attack complexity and no privileges required, but user interaction is necessary. The vulnerability impacts confidentiality, integrity, and availability at a high level, reflecting the potential for severe consequences if exploited. Although no known exploits are currently reported in the wild, the lack of available patches at the time of reporting necessitates proactive defensive measures. The vulnerability affects multiple versions of Hancom Office, a widely used office productivity suite, particularly in South Korea and other markets where Hancom products have notable penetration.
Potential Impact
The vulnerability poses a significant risk to organizations using Hancom Office, as successful exploitation can lead to arbitrary code execution, enabling attackers to execute malicious payloads, escalate privileges, or disrupt business operations. File content injection can compromise the integrity of documents and potentially leak sensitive information, impacting confidentiality. Availability may also be affected if the injected content causes application crashes or system instability. The requirement for local access and user interaction limits remote exploitation but does not eliminate risk, especially in environments where users frequently exchange files or use removable media. Organizations with high reliance on Hancom Office for document processing, particularly in government, finance, and critical infrastructure sectors, face increased exposure. The absence of known exploits currently provides a window for mitigation, but the high CVSS score underscores the urgency of addressing the vulnerability before it is weaponized.
Mitigation Recommendations
1. Restrict local file access permissions to limit exposure to untrusted files and users.
2. Educate users about the risks of opening files from untrusted sources and the importance of cautious interaction with documents.
3. Monitor and audit file system and application logs for unusual file modifications or access patterns indicative of exploitation attempts.
4. Implement application whitelisting and endpoint detection and response (EDR) solutions to detect anomalous behaviors related to file content injection.
5. Once available, promptly apply official patches or updates from Hancom Inc. to remediate the vulnerability.
6. Consider isolating or sandboxing Hancom Office usage in high-risk environments to contain potential exploitation.
7. Employ network segmentation to reduce the risk of lateral movement if exploitation occurs.
8. Maintain regular backups of critical documents to enable recovery from potential data corruption or loss.
Affected Countries
South Korea, United States, China, Japan, Germany, United Kingdom, Canada, Australia, France, Russia
Technical Details
- Data Version: 5.2
- Assigner Short Name: krcert
- Date Reserved: 2025-03-12T07:03:23.441Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6982d5def9fa50a62f6a7ec2
Added to database: 2/4/2026, 5:15:10 AM
Last enriched: 2/27/2026, 11:10:23 PM
Last updated: 3/24/2026, 12:28:03 AM