BSSA-2025-07

Date: 2025-12-09
Severity: reported "critical", BlueSpice assessment: low
Affected: Services in current LTS version < 5.1.4
Fixed in: 5.1.4
CVE: CVE-2025-66516

Problem

Impact assessment

  • Service bluespice/search
    • A manipulated PDF file needs to be uploaded to the wiki, which usually requires an authenticated user context. The service runs only in the background and cannot be accessed from outside the virtual network. It has limited access to the host system.

Solution

To mitigate CVE-2025-66516, make sure the service has no access to the internet. This is the default configuration of BlueSpice setups.

Update to version 5.1.4 of the BlueSpice images.