7.5

CVE-2025-64404

Apache OpenOffice: Remote documents loaded without prompt via background and bullet images

Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links 
to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used background fill images, or bullet images, linked to external files would 
load the contents of those files without prompting the user for 
permission to do so.

This issue affects Apache OpenOffice: through 4.1.15.

Users are recommended to upgrade to version 4.1.16, which fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheOpenoffice Version < 4.1.16
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.16% 0.631
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://lists.apache.org/thread/08n4mdx0pnhqsllnkc63d27sdgq3tygc
Vendor Advisory
Mailing List
https://www.openoffice.org/security/cves/CVE-2025-64404.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/11/11/7
Third Party Advisory
Mailing List