oss-sec mailing list archives

CVE-2025-64403: Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc


From: Arrigo Marchiori <ardovm () apache org>
Date: Tue, 11 Nov 2025 22:36:57 +0000

Severity: moderate 

Affected versions:

- Apache OpenOffice through 4.1.15

Description:

Apache OpenOffice Calc spreadsheets can contain links to other files, in the form of "external data sources". A Missing 
Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links 
to be loaded without a prompt.

This issue affects Apache OpenOffice: through 4.1.15.

Users are recommended to upgrade to version 4.1.16, which fixes the issue.

Credit:

Reginaldo Silva of ubercomp.com (finder)

References:

https://www.openoffice.org/security/cves/CVE-2025-64403.html
https://openoffice.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-64403
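
Added example, not part of the advisory or of Apache OpenOffice's code: a Python audit that lists the external link targets stored in an .ods file, so documents that reference remote sources can be reviewed before they are opened in an unpatched Calc. It assumes the links are stored as the ODF `table:table-source` and `table:cell-range-source` elements in content.xml; the function names and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

TABLE_NS = "urn:oasis:names:tc:opendocument:xmlns:table:1.0"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Assumption: linked sheets and linked cell ranges are stored as these elements.
LINK_TAGS = {f"{{{TABLE_NS}}}table-source", f"{{{TABLE_NS}}}cell-range-source"}
MAX_XML_BYTES = 64 * 1024 * 1024  # refuse an oversized content.xml (zip bomb)

def external_links(ods):
    """Return sorted (element, href) pairs for each external link in an .ods."""
    with zipfile.ZipFile(ods) as zf:
        info = zf.getinfo("content.xml")
        if info.file_size > MAX_XML_BYTES:
            raise ValueError("content.xml too large")
        data = zf.read(info)
    if b"<!DOCTYPE" in data:  # coarse guard: ODF content needs no DTD or entities
        raise ValueError("unexpected DTD in content.xml")
    found = set()
    for elem in ET.fromstring(data).iter():
        if elem.tag in LINK_TAGS:
            found.add((elem.tag.split("}")[1], elem.get(XLINK_HREF, "")))
    return sorted(found)

def is_remote(href):
    """True when the target is fetched from another host, not a local path."""
    parts = urlsplit(href)
    return parts.scheme not in ("", "file") or bool(parts.netloc)

def build_sample():
    """Constructed sample: a minimal .ods whose sheet links a cell range to a URL."""
    content = (
        '<office:document-content xmlns:xlink="http://www.w3.org/1999/xlink"'
        ' xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"'
        f' xmlns:table="{TABLE_NS}"><office:body><office:spreadsheet>'
        '<table:table table:name="Sheet1"><table:table-row><table:table-cell>'
        '<table:cell-range-source table:name="data" xlink:type="simple"'
        ' xlink:href="http://files.example.invalid/data.ods"/>'
        '</table:table-cell></table:table-row></table:table>'
        '</office:spreadsheet></office:body></office:document-content>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", content)
    return buf

if __name__ == "__main__":
    for tag, href in external_links(build_sample()):
        print(tag, href, "REMOTE" if is_remote(href) else "local")
```

`external_links` accepts a path or a file object; flat `.fods` documents are not handled.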

