Apache OpenOffice Missing Authorization Vulnerability Allows Unprompted Loading of External Links
Vulnerability
A missing authorization vulnerability in Apache OpenOffice through version 4.1.15 allowed documents to load external links without the user's permission. The issue arises with 'floating frames' linked to external files: such frames load their contents automatically, without any prompt. The LibreOffice suite reported this issue as CVE-2023-2255.
Impact
Exploitation of this vulnerability could lead to unprompted loading of external content, potentially allowing for phishing attacks or the delivery of malicious payloads, according to the Apache OpenOffice Security Team.
Remediation
Users are advised to upgrade to Apache OpenOffice version 4.1.16, which addresses this vulnerability. The latest version can be downloaded from the Apache OpenOffice download page.
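For triage while the upgrade is rolled out, the following added example (not from the advisory or from Apache OpenOffice) lists floating frames in an OpenDocument file whose link target lies outside the document package. The element and attribute names come from the OpenDocument format; the function names, the size limit and the sample document are assumptions constructed for the demo.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# OpenDocument namespaces
OFFICE_NS = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
DRAW_NS = "urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
XLINK_NS = "http://www.w3.org/1999/xlink"
FRAME_TAG = f"{{{DRAW_NS}}}floating-frame"
HREF_ATTR = f"{{{XLINK_NS}}}href"
MAX_XML_BYTES = 50 * 1024 * 1024  # assumed cap to avoid decompression bombs

def is_external(href):
    """True when the link target lies outside the document package."""
    if not href or href.startswith("#"):
        return False
    # Any scheme (http:, file:, a drive letter), "../", an absolute path or a
    # UNC path leaves the zip; "./Object 1" style paths stay inside it.
    return bool(urlparse(href).scheme) or href.startswith(("../", "/", "\\\\"))

def find_external_floating_frames(source):
    """Return [(member, href)] for externally linked floating frames.
    source is a path or a binary file-like object holding an ODF document."""
    findings = []
    with zipfile.ZipFile(source) as pkg:
        for member in ("content.xml", "styles.xml"):
            if member not in pkg.namelist():
                continue
            if pkg.getinfo(member).file_size > MAX_XML_BYTES:
                raise ValueError(f"{member} is too large to scan")
            data = pkg.read(member)
            if b"<!DOCTYPE" in data:  # ODF parts need no DTD; refuse entity tricks
                raise ValueError(f"{member} contains a DOCTYPE")
            for el in ET.fromstring(data).iter(FRAME_TAG):
                if is_external(el.get(HREF_ATTR)):
                    findings.append((member, el.get(HREF_ATTR)))
    return findings

def build_sample(href):
    """Constructed minimal package for the demo (not a complete ODT)."""
    xml = (f'<office:document-content xmlns:office="{OFFICE_NS}" xmlns:draw="{DRAW_NS}" '
           f'xmlns:xlink="{XLINK_NS}"><office:body><office:text><draw:frame>'
           f'<draw:floating-frame xlink:href="{href}"/></draw:frame>'
           '</office:text></office:body></office:document-content>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("content.xml", xml)
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    for sample in ("https://example.invalid/page.html", "./Object 1"):
        print(sample, "->", find_external_floating_frames(build_sample(sample)))
```

A non-empty result means the document contains a frame that an unpatched version would fetch on open; it does not by itself say the target is malicious.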
