A significant security vulnerability in LibreOffice, designated as CVE-2025-1080, has been patched in versions 24.8.5 and 25.2.1, released on March 4, 2025.
The flaw, which allowed attackers to execute arbitrary scripts through manipulated macro URLs, posed a severe risk to users of the open-source office suite.
This vulnerability underscores the importance of prompt software updates in enterprise and personal computing environments.
The vulnerability stems from LibreOffice’s implementation of Office URI Schemes, a feature designed to facilitate browser integration with Microsoft SharePoint servers.
While this functionality enables seamless document collaboration, researchers identified a critical oversight in LibreOffice’s custom vnd.libreoffice.command URI scheme.
In affected versions (prior to 24.8.5 and 25.2.1), attackers could craft specialized links containing embedded inner URLs.
When clicked, these malicious links bypassed security protocols and triggered internal LibreOffice macros with unauthorized arguments.
Security analyst Amel Bouziane-Leblond, who discovered the vulnerability, noted that “the URI handler failed to properly sanitize nested URL components, creating an execution pipeline for untrusted code.”
This exploitation mechanism could occur without user interaction beyond clicking a link in a web browser.
The flaw effectively transformed ordinary document-sharing workflows into potential attack vectors, particularly dangerous in organizations using SharePoint-integrated collaboration systems.
LibreOffice maintainers addressed the vulnerability through enhanced URI validation protocols in the updated releases. The patch introduces multiple security checks:
“These changes ensure command URIs adhere to strict formatting rules while maintaining compatibility with legitimate SharePoint integrations,” explained Caolán McNamara of Collabora Productivity, who led the patching effort.
Organizations unable to immediately upgrade should disable LibreOffice’s browser integration features through Group Policy settings or application hardening tools.
This discovery highlights the evolving security challenges in cross-platform productivity software.
Researchers and maintainers urge users to maintain vigilance against social engineering tactics that could amplify technical vulnerabilities.
The coordinated disclosure between independent security researchers and LibreOffice developers demonstrates effective open-source community responses to emerging threats.
Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free
Cybersecurity researchers have reported a significant rise in web breaches triggered by a lesser-known technique:…
A new wave of cyberattacks is targeting Active Directory (AD) environments by abusing Windows Remote…
Security researchers Nikolai Skliarenko and Yazhi Wang of Trend Micro’s Research Team have disclosed critical…
Critical vulnerability in Apache ActiveMQ (CVE-2024-XXXX) exposes brokers to denial-of-service (DoS) attacks by allowing malicious…
Cybersecurity researchers at Kaspersky have identified a new supply chain vulnerability emerging from the widespread…
UK government has unveiled plans to implement passkey technology across its digital services later this…