CVE-2025-1080

EUVD-2025-7377

04.03.2025, 20:15

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.
This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Affected Products (NVD)

Vendor	Product	Version
libreoffice	libreoffice	24.8.0.0 ≤ 𝑥 < 24.8.5.1
libreoffice	libreoffice	25.2.0.0 ≤ 𝑥 < 25.2.1.1
debian	debian_linux	11.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libreoffice

bookworm	4:7.4.7-1+deb12u10 fixed
bookworm (security)	4:7.4.7-1+deb12u8 fixed
bullseye	vulnerable
bullseye (security)	1:7.0.4-4+deb11u13 fixed
forky	4:26.2.1-1 fixed
sid	4:26.2.1-1 fixed
trixie	4:25.2.3-2+deb13u3 fixed

Ubuntu Releases

Ubuntu Product

Codename

libreoffice

focal	Fixed 1:6.4.7-0ubuntu0.20.04.14 released
jammy	Fixed 1:7.3.7-0ubuntu0.22.04.9 released
noble	Fixed 4:24.2.7-0ubuntu0.24.04.3 released
oracular	Fixed 4:24.8.5-0ubuntu0.24.10.2 released

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080

https://lists.debian.org/debian-lts-announce/2025/06/msg00002.html