CVE-2025-31672
Improper Input Validation vulnerability in poi-ooxml (Maven)
What is CVE-2025-31672 About?
This vulnerability in Apache POI involves improper input validation during the parsing of OOXML format files. Malicious users can craft zip files with duplicate entry names, leading to different data being read by products and potential data integrity issues. Exploitation involves supplying a specially crafted file and is of moderate complexity.
Affected Software
Technical Details
The vulnerability arises in Apache POI's handling of OOXML files (e.g., xlsx, docx, pptx), which are essentially zip archives. Attackers can create malformed OOXML files that contain multiple zip entries with identical names, including their paths. When Apache POI or products using it parse such a file, the ambiguity of duplicate entry names means that different products, or even different versions/configurations of the same product, might select a different entry when attempting to access that specific 'file' within the zip. This inconsistency can lead to data integrity issues or allow attackers to control which data is presented or processed, depending on the victim's parsing software.
What is the Impact of CVE-2025-31672?
Successful exploitation may allow attackers to cause data integrity issues, leading to incorrect information being processed or displayed, and potentially evading security checks.
What is the Exploitability of CVE-2025-31672?
Exploitation requires the attacker to craft a malformed OOXML file with duplicate zip entry names. The complexity is moderate, as it involves knowledge of the OOXML file structure and zip archive specifications. There are no explicit authentication or privilege requirements to exploit this, as it typically involves a user processing a malicious file. This is fundamentally a local vulnerability, as it requires a victim to open or process the crafted file. Special conditions involve the target application using affected versions of Apache POI and processing user-supplied OOXML files. The likelihood of exploitation increases in environments where users frequently handle untrusted documents.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for CVE-2025-31672?
Available Upgrade Options
- org.apache.poi:poi-ooxml
- <5.4.0 → Upgrade to 5.4.0
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://bz.apache.org/bugzilla/show_bug.cgi?id=69620
- https://security.netapp.com/advisory/ntap-20250523-0004/
- https://github.com/apache/poi
- https://lists.apache.org/thread/k14w8vcjqy4h34hh5kzldko78kpylkq5
- https://osv.dev/vulnerability/GHSA-gmg8-593g-7mv3
- https://lists.apache.org/thread/k14w8vcjqy4h34hh5kzldko78kpylkq5
- http://www.openwall.com/lists/oss-security/2025/04/08/2
- https://security.netapp.com/advisory/ntap-20250523-0004
- https://bz.apache.org/bugzilla/show_bug.cgi?id=69620
- http://www.openwall.com/lists/oss-security/2025/04/08/2
What are Similar Vulnerabilities to CVE-2025-31672?
Similar Vulnerabilities: CVE-2021-44832 , CVE-2020-13953 , CVE-2019-12415 , CVE-2018-11776 , CVE-2017-9800
