Improper Input Validation in LibreOffice by The Document Foundation
CVE-2025-0514

7.2HIGH

Key Information:

Vendor: The Document Foundation
Status: Libreoffice
Vendor: CVE Published:; 25 February 2025

Summary

An improper input validation vulnerability in LibreOffice allows activation of Windows Executable hyperlink targets without proper safeguards. This can lead to unintentional execution of potentially harmful programs or scripts upon clicking malicious links. The issue is pertinent to LibreOffice versions prior to 24.8.5, making it crucial for users to update their software to mitigate risks associated with this vulnerability.

Affected Version(s)

LibreOffice 24.8

References

https://www.libreoffice.org/about-us/security/advisories/...

CVSS V4

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

Amel Bouziane-Leblond