Cyber Resilience

CVE-2023-6186
Severity: High
Published: 11 December 2023
Modified: 13 February 2025
KEV Added: not listed
CVSS Score v3.1: 8.3 (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H)
EPSS Score: 0.0099 (77.3rd percentile)
Risk Priority: 17 (60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-6186 is a high-severity Improper Preservation of Permissions (CWE-281) vulnerability in LibreOffice (The Document Foundation). Its CVSS v3.1 base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 22.7% of CVEs by EPSS exploit likelihood and is not currently listed in the CISA KEV catalog.

Vulnerability details

Insufficient macro permission validation in The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.

CWE(s): CWE-281 Improper Preservation of Permissions

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1059.005 Visual Basic (tactic: Execution)
Adversaries may abuse Visual Basic (VB) for execution.
T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

CVE-2023-6186 enables arbitrary macro/script execution without user warning in LibreOffice via malicious documents/hyperlinks, facilitating client application exploitation (T1203), Visual Basic-like macro execution (T1059.005), and user execution of malicious files (T1204.002).

Affected Assets

LibreOffice (libreoffice): 7.5.0 through 7.5.9, 7.6.0 through 7.6.4
Fedora Project (fedora): 38
Debian (debian linux): 11.0, 12.0

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses: CWE-281 (Improper Preservation of Permissions)

Forces removal or modification of permissions no longer required after reassignment, preventing improper preservation of old access rights.