Tuesday, April 29, 2025

LibreOffice Flaws Allow Attackers to Run Malicious Files on Windows


A high-severity security vulnerability (CVE-2025-0514) in LibreOffice, the widely used open-source office suite, has been patched after researchers discovered it could allow attackers to execute malicious files on Windows systems by exploiting hyperlink handling mechanisms.

The flaw, which affects versions before 24.8.5, stems from improper validation of non-file URLs that Windows can interpret as file paths when they are passed to the ShellExecute function.

Vulnerability Mechanism

The exploit leverages LibreOffice’s hyperlink activation feature, typically triggered by CTRL+click.


Under normal circumstances, the software blocks paths pointing to executable files when passed to Windows’ ShellExecute API to prevent unintended program launches.

However, researchers found that specially crafted non-file URLs—such as those using alternative URI schemes or encoding techniques—could bypass these safeguards.

This allows attackers who embed malicious links in documents (e.g., .odt, .ods) to execute arbitrary code when recipients interact with the content, even without macros enabled.

Patch and Mitigation

LibreOffice maintainers released version 24.8.5 on February 25, 2025, introducing enhanced validation checks that stop non-file URLs from being interpreted as local file paths.

Collabora Productivity engineer Caolán McNamara and allotropia developer Stephan Bergmann spearheaded the fix, which modifies how the software processes hyperlink targets before handing them to the operating system.

Organizations and individual users must update immediately, as unpatched systems remain vulnerable to document-based attack vectors commonly distributed via phishing campaigns.

Security researcher Amel Bouziane-Leblond identified and reported the flaw through LibreOffice’s responsible disclosure channels.

“This bypass demonstrates how subtle differences in URI parsing across systems can undermine security assumptions,” Bouziane-Leblond noted in the advisory.

The development team has urged users to scrutinize unsolicited documents and avoid enabling hyperlinks from untrusted sources.
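For teams that want to scrutinize incoming documents at scale, the following added example (not LibreOffice's own check and not part of the original article) lists every hyperlink target in an ODF file's `content.xml` and flags those that are not plain web or mail links. The scheme allowlist, the path-shape heuristic, the size cap and the constructed sample document are assumptions of this example.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumption: local policy, tune as needed
# Shapes Windows may resolve as a path: drive letter, UNC/double-slash prefix, any backslash.
PATH_LIKE = re.compile(r"^[A-Za-z]:|^[\\/]{2}|\\")
MAX_CONTENT_BYTES = 20 * 1024 * 1024  # assumption: cap to avoid decompression bombs

def classify_href(href):
    """Return 'internal', 'allowed' or 'review' for one hyperlink target."""
    if href.startswith("#"):
        return "internal"  # jump inside the same document
    if PATH_LIKE.search(href):
        return "review"  # could be read as a local or UNC path
    try:
        scheme = urlsplit(href).scheme.lower()
    except ValueError:
        return "review"  # unparseable targets are never auto-allowed
    return "allowed" if scheme in ALLOWED_SCHEMES else "review"

def scan_odf(data):
    """Return [(href, verdict)] for every xlink:href in an ODF package's content.xml."""
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        if pkg.getinfo("content.xml").file_size > MAX_CONTENT_BYTES:
            raise ValueError("content.xml larger than cap")
        # Stdlib parser for brevity; a hardened parser such as defusedxml suits hostile input.
        root = ET.fromstring(pkg.read("content.xml"))
    return [(el.get(XLINK_HREF), classify_href(el.get(XLINK_HREF)))
            for el in root.iter() if el.get(XLINK_HREF) is not None]

def build_sample():
    """Constructed ODF-like package with four hyperlinks (sample data only)."""
    links = ["https://example.org/report", "#Section1",
             "\\\\fileserver.example\\share\\notes.txt", "customscheme:open?x=1"]
    body = "".join(f'<text:a xlink:href="{h}">link</text:a>' for h in links)
    xml = ('<office:document-content '
           'xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
           'xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" '
           'xmlns:xlink="http://www.w3.org/1999/xlink">'
           f'<office:body><office:text><text:p>{body}</text:p></office:text>'
           '</office:body></office:document-content>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("content.xml", xml)
    return buf.getvalue()
```

Calling `scan_odf(build_sample())` returns one verdict per link; on real mail-gateway or file-share input, pass the raw bytes of each `.odt` or `.ods` file and route anything marked `review` to an analyst.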

While CVE-2025-0514 primarily affects Windows installations, the incident highlights persistent challenges in securing document-processing workflows against evolving attack methodologies.

LibreOffice’s patch follows similar recent vulnerabilities in competing office suites, underscoring the importance of routine software updates in enterprise environments.

Administrators are advised to enforce centralized update policies and combine patching with user education to mitigate social engineering risks.

The LibreOffice community has not observed active exploitation attempts but classifies the flaw as critical due to its potential impact.

Users can download the patched version directly from the project’s official repository or through Linux distribution maintainers.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
