CVE-2025-64766
Chinese title:
(No data available)
English title:
NixOS has hardcoded credentials in Onlyoffice module
Vulnerability description
Chinese description:
(No data available)
English description:
NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protect its file cache. An attacker with knowledge of an existing revision ID could use this secret to obtain a document. In practice, an arbitrary revision ID should be hard to obtain. The primary impact is likely the access to known documents from users with expired access. This issue was resolved in NixOS unstable version 25.11 and version 25.05.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| NixOS | nixpkgs | >= 22.11, < 25.05 | - | - | `cpe:2.3:a:nixos:nixpkgs:>=_22.11,_<_25.05:*:*:*:*:*:*:*` |
| NixOS | nixpkgs | < Unstable 25.11 | - | - | `cpe:2.3:a:nixos:nixpkgs:<_unstable_25.11:*:*:*:*:*:*:*` |
Solution
Chinese solution:
English solution:
Workaround:
Reference links
cve.org
CVSS score details
3.1 (cna)
MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Time information
Exploitation information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2025-64766 | 2025-11-19 04:05:47 | 2026-01-12 02:12:20 |
| NVD | nvd_CVE-2025-64766 | 2025-11-19 04:07:44 | 2026-01-12 02:28:01 |
Version and language
Security advisories
Change history
- data_sources: ['cve'] -> ['cve', 'nvd']