Primary

Context

Apache OpenOffice Missing Authorization Vulnerability Allows Unprompted Loading of External Links via OLE Objects

Vulnerability

A missing authorization vulnerability in Apache OpenOffice documents through version 4.1.15 allows external links to be loaded without user permission. This issue arises when documents contain OLE objects linked to external files, which are accessed automatically without prompting the user. Users are advised to upgrade to Apache OpenOffice 4.1.16, which addresses this vulnerability.

Impact

Exploitation of this vulnerability leads to external files being loaded into the OpenOffice document without user consent, potentially allowing for unauthorized access to sensitive information or files.

Remediation

Users should upgrade to Apache OpenOffice version 4.1.16, available on the Apache OpenOffice download page.

Added: Nov 12, 2025, 9:18 AM

Updated: Nov 12, 2025, 6:15 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.4

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.4

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache OpenOffice Missing Authorization Vulnerability Allows Unprompted Loading of External Links via OLE Objects

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating