CVE-2025-1080

04.03.2025, 20:15

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.
This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Document Fdn.	CNA	---				---
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Vendor	Product	Version
libreoffice	libreoffice	24.8.0.0 ≤ 𝑥 < 24.8.5.1
libreoffice	libreoffice	25.2.0.0 ≤ 𝑥 < 25.2.1.1
debian	debian_linux	11.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libreoffice

bullseye	vulnerable
bullseye (security)	1:7.0.4-4+deb11u13 fixed
bookworm	4:7.4.7-1+deb12u10 fixed
bookworm (security)	4:7.4.7-1+deb12u8 fixed
trixie	4:25.2.3-2+deb13u3 fixed
forky	4:25.8.4-1 fixed
sid	4:25.8.4-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libreoffice

oracular	Fixed 4:24.8.5-0ubuntu0.24.10.2 released
noble	Fixed 4:24.2.7-0ubuntu0.24.04.3 released
jammy	Fixed 1:7.3.7-0ubuntu0.22.04.9 released
focal	Fixed 1:6.4.7-0ubuntu0.20.04.14 released

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080

https://lists.debian.org/debian-lts-announce/2025/06/msg00002.html