Summary: The Document Foundation has issued security updates for LibreOffice to rectify a critical vulnerability (CVE-2025-1080) that could enable attackers to execute arbitrary scripts. This issue affects LibreOffice versions prior to 24.8.5 and 25.2.1 and results from the manipulation of an Office URI Scheme feature. Users are urged to upgrade promptly to mitigate potential risks, including data theft and malware installation.
Affected: LibreOffice
Keypoints :
- Vulnerability tracked as CVE-2025-1080 with a CVSS score of 7.2.
- Affects versions prior to 24.8.5 and 25.2.1.
- Flaw allows attackers to construct malicious links that trigger the execution of harmful macros.
- Upgrade to fixed versions is recommended to block exploitation of this vulnerability.
- Reported by Amel Bouziane-Leblond, who followed responsible disclosure practices.
Views: 23
简体中文
Nederlands
Français
Bahasa Indonesia
日本語
Português