CVE-2025-1080

High CVSS: 7.2

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.
This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.

Vendor

Libreoffice

Product

Libreoffice

CWE

CWE-20

Yayın Tarihi

2025-03-04 20:15:36

Güncelleme

2025-12-10 18:26:24

Source Identifier

security@documentfoundation.org

KEV Date Added

Kategoriler

CWE-20 Libreoffice HIGH Libreoffice 2025

Referanslar

https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080 https://lists.debian.org/debian-lts-announce/2025/06/msg00002.html

Benzer Kayıtlar

Low

CVE-2025-14714

An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the T…

Low

CVE-2025-2866

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper…

Medium

CVE-2021-25635

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with…

High

CVE-2025-0514

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targ…

Medium

CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document…

Low

CVE-2024-12425

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation…