LibreOffice Flaws Allow Attackers to Run Malicious Files on Windows

Summary: A critical security vulnerability (CVE-2025-0514) in LibreOffice has been identified and patched. It could allow attackers to execute malicious files on Windows systems through compromised hyperlinks. The flaw, which affects versions before 24.8.5, stemmed from improper URL validation that allowed non-file URLs to be treated as executable file paths. The patched version introduces stronger validation measures to secure the software against such exploits, and users should update promptly.

Affected: LibreOffice (versions before 24.8.5)

Key points:

  • Vulnerability allows execution of arbitrary code via crafted hyperlinks in documents.
  • Fixed in version 24.8.5 released on February 25, 2025, which enhances URL validation.
  • Users are urged to update immediately to mitigate risks from phishing and document-based attacks.
  • Researchers highlight the importance of scrutinizing unsolicited documents and educating users against social engineering.
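
One way to scrutinize an unsolicited ODF document before opening it, as an added example (not code from the article or from LibreOffice): it lists every hyperlink target whose scheme is outside an allow-list so a reviewer can inspect it. The allow-list, the function names and the sample document are assumptions constructed for illustration, and the script does not detect CVE-2025-0514 itself.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Assumption: schemes a reviewer accepts without a closer look.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

def audit_hyperlinks(odf_bytes):
    """Return (href, reason) for each link target outside the allow-list."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        for name in ("content.xml", "styles.xml"):
            if name not in zf.namelist():
                continue
            data = zf.read(name)
            if b"<!DOCTYPE" in data:
                # ODF parts carry no DTD; refuse to parse rather than expand entities.
                findings.append((name, "unexpected DOCTYPE, not parsed"))
                continue
            for elem in ET.fromstring(data).iter():
                href = elem.get(XLINK_HREF)
                if href is None or href.startswith("#"):
                    continue  # not a link, or an in-document anchor
                try:
                    scheme = urlsplit(href).scheme.lower()
                except ValueError:
                    findings.append((href, "unparseable URL"))
                    continue
                if scheme not in ALLOWED_SCHEMES:
                    findings.append((href, f"scheme '{scheme}'" if scheme
                                     else "no scheme (relative or path-like)"))
    return findings

def build_sample_odt():
    """Constructed sample: a minimal ODF-like zip holding four hyperlinks."""
    ns = ('xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" '
          'xmlns:xlink="http://www.w3.org/1999/xlink"')
    links = ["https://example.org/report", "#Section1",
             "file:///C:/constructed/sample.txt", "exampleproto:constructed"]
    body = "".join(f'<text:a xlink:href="{h}">x</text:a>' for h in links)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", f"<text:p {ns}>{body}</text:p>")
    return buf.getvalue()

if __name__ == "__main__":
    for href, reason in audit_hyperlinks(build_sample_odt()):
        print(f"REVIEW {href}: {reason}")
```

The standard-library XML parser is used so the example runs without extra packages; for routine handling of untrusted documents a hardened parser such as `defusedxml` is the safer choice.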

Source: https://gbhackers.com/libreoffice-flaws/
