cbcvebase.
CVE-2025-1080
published 2025-03-04

CVE-2025-1080: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command'…

PriorityP340high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.29%
20.8th percentile
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.

Affected

10 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debianlibreoffice< libreoffice 4:7.4.7-1+deb12u7 (bookworm)libreoffice 4:7.4.7-1+deb12u7 (bookworm)
libreofficelibreoffice>= 0 < 1:7.0.4-4+deb11u131:7.0.4-4+deb11u13
libreofficelibreoffice>= 0 < 4:7.4.7-1+deb12u74:7.4.7-1+deb12u7
libreofficelibreoffice>= 0 < 4:24.8.5-14:24.8.5-1
libreofficelibreoffice>= 0 < 4:24.8.5-14:24.8.5-1
libreofficelibreoffice>= 24.8.0.0 < 24.8.5.124.8.5.1
libreofficelibreoffice>= 25.2.0.0 < 25.2.1.125.2.1.1
the_document_foundationlibreoffice>= 24.8 < < 24.8.5< 24.8.5
the_document_foundationlibreoffice>= 25.2 < < 25.2.1< 25.2.1

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv4.07.2HIGHCVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv7.2HIGH
vendor_debian7.2HIGH
vendor_redhat7.2HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.