A critical security vulnerability in LibreOffice (CVE-2025-0514) has been patched after researchers discovered that manipulated documents could bypass safeguards and execute malicious files on Windows systems. The flaw, rated 7.2 on the CVSS v4.0 scale, exposes users to potential remote code execution (RCE) attacks by exploiting LibreOffice’s hyperlink handling mechanism. Users can download the latest version from LibreOffice’s official site, while enterprise deployments should prioritize endpoint monitoring to detect anomalous process executions linked to document workflows. When users press CTRL + Click on a hyperlink, the application passes the link to the Windows ShellExecute function, which processes the request. LibreOffice’s hyperlink feature, designed for user convenience, inadvertently created a vector for living-off-the-land (LOL) attacks, where legitimate system tools like ShellExecute are weaponized. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. For example, a crafted link like \\attacker-server\malicious.exe could be interpreted as a local file path, bypassing LibreOffice’s filters and triggering the execution of malicious payloads. Organizations unable to patch immediately should consider disabling hyperlink execution via LibreOffice’s settings or implementing application whitelisting to block unauthorized executables. The Document Foundation addressed the vulnerability in LibreOffice 24.8.5. The update modifies how non-file URLs are processed, ensuring they no longer bypass executable path checks. The vulnerability stems from improper input validation in LibreOffice’s handling of hyperlinks on Windows. Similar issues have plagued LibreOffice in the past, including the 2018 WEBSERVICE function exploit (CVE-2018-6871), which allowed arbitrary file disclosures via manipulated spreadsheet formulas. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. Amel Bouziane-Leblond, the researcher who reported the flaw, emphasized that the exploit’s simplicity underscores the importance of rigorous input validation in office software. Security teams strongly recommend immediate upgrades for all Windows users.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 27 Feb 2025 06:45:15 +0000