Primary

Context

The Document Foundation LibreOffice Unconditional Execution of Executable Hyperlink Targets on Windows

Vulnerability

Patched

A vulnerability in The Document Foundation LibreOffice allows Windows executable hyperlink targets to be executed unconditionally upon activation. This issue arises from improper input validation, where non-file URLs could be misinterpreted as Windows file paths, bypassing LibreOffice's safeguards against launching executables. The vulnerability affects LibreOffice versions prior to 24.8.5.

Impact

Exploitation of this vulnerability allows for the unconditional execution of Windows executable files via hyperlinks in LibreOffice documents.

Remediation

Users are advised to upgrade to LibreOffice version 24.8.5 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

The Document Foundation LibreOffice Unconditional Execution of Executable Hyperlink Targets on Windows

Vulnerability

Impact

Remediation

Affected Products

The Document Foundation LibreOffice

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating