CVE-2025-0514 — Improper Input Validation in Document Foundation Libreoffice

CWE-20 — Improper Input Validation6 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 58.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Document Foundation Libreoffice Libreoffice

Timeline

PublishedFeb 25

Latest updateFeb 26

Description

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H

Affected Packages2 packages

▶CVEListV5the_document_foundation/libreoffice24.8 — < 24.8.5

▶NVDlibreoffice/libreoffice24.8.0.0 — 24.8.5.1

🔴Vulnerability Details

GHSA

GHSA-f6mr-g7jq-gx82: Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditiona↗2025-02-26

▶

CVEList

Executable hyperlink Windows path targets executed unconditionally on activation↗2025-02-25

▶

OSV

CVE-2025-0514: Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditiona↗2025-02-25

▶

📋Vendor Advisories

Red Hat

libreoffice: Executable hyperlink Windows path targets executed unconditionally on activation↗2025-02-25

▶

Debian

CVE-2025-0514: libreoffice - Improper Input Validation vulnerability in The Document Foundation LibreOffice a...↗2025

▶