Primary

Context

Apache OpenOffice Missing Authorization Vulnerability Allows Unprompted Loading of External Links

Vulnerability

A missing authorization vulnerability in Apache OpenOffice documents prior to version 4.1.16 allowed external links to be loaded without user permission. This issue affected documents using background fill images or bullet images linked to external files, which would automatically load the contents of those files without prompting the user. The vulnerability is present in Apache OpenOffice versions through 4.1.15.

Impact

Exploitation of this vulnerability could lead to unprompted loading of external files, potentially causing privacy concerns or other issues depending on the nature of the loaded content.

Remediation

Users are advised to upgrade to Apache OpenOffice version 4.1.16, which addresses this vulnerability. The latest version can be downloaded from the Apache OpenOffice download page.

Added: Nov 12, 2025, 9:17 AM

Updated: Nov 12, 2025, 6:13 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache OpenOffice Missing Authorization Vulnerability Allows Unprompted Loading of External Links

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating