CyberSecurityBoard
Sponsor Register Login

LibreOffice Vulnerabilities Let Attackers Execute Malicious Files on Windows Systems

A critical security vulnerability in LibreOffice (CVE-2025-0514) has been patched after researchers discovered that manipulated documents could bypass safeguards and execute malicious files on Windows systems. The flaw, rated 7.2 on the CVSS v4.0 scale, exposes users to potential remote code execution (RCE) attacks by exploiting LibreOffice’s hyperlink handling mechanism. Users can download the latest version from LibreOffice’s official site, while enterprise deployments should prioritize endpoint monitoring to detect anomalous process executions linked to document workflows. When users press CTRL + Click on a hyperlink, the application passes the link to the Windows ShellExecute function, which processes the request. LibreOffice’s hyperlink feature, designed for user convenience, inadvertently created a vector for living-off-the-land (LOL) attacks, where legitimate system tools like ShellExecute are weaponized. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. For example, a crafted link like \\attacker-server\malicious.exe could be interpreted as a local file path, bypassing LibreOffice’s filters and triggering the execution of malicious payloads. Organizations unable to patch immediately should consider disabling hyperlink execution via LibreOffice’s settings or implementing application whitelisting to block unauthorized executables. The Document Foundation addressed the vulnerability in LibreOffice 24.8.5. The update modifies how non-file URLs are processed, ensuring they no longer bypass executable path checks. The vulnerability stems from improper input validation in LibreOffice’s handling of hyperlinks on Windows. Similar issues have plagued LibreOffice in the past, including the 2018 WEBSERVICE function exploit (CVE-2018-6871), which allowed arbitrary file disclosures via manipulated spreadsheet formulas. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. Amel Bouziane-Leblond, the researcher who reported the flaw, emphasized that the exploit’s simplicity underscores the importance of rigorous input validation in office software. Security teams strongly recommend immediate upgrades for all Windows users.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 27 Feb 2025 06:45:15 +0000


Cyber News related to LibreOffice Vulnerabilities Let Attackers Execute Malicious Files on Windows Systems

LibreOffice Vulnerabilities Let Attackers Execute Malicious Files on Windows Systems - A critical security vulnerability in LibreOffice (CVE-2025-0514) has been patched after researchers discovered that manipulated documents could bypass safeguards and execute malicious files on Windows systems. The flaw, rated 7.2 on the CVSS v4.0 ...
4 months ago Cybersecuritynews.com CVE-2025-0514 CVE-2018-6871
CVE-2025-1080 - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link ...
4 months ago
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
1 year ago Securityintelligence.com
CVE-2022-3140 - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links ...
2 years ago
CVE-2024-5261 - Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification ...
1 year ago
The Embedded Systems and The Internet of Things - The Internet of Things is a quite new concept dealing with the devices being connected to each other and communicating through the web environment. This concept is gaining its popularity amongst the embedded systems that exist - let's say - 10 or ...
1 year ago Cyberdefensemagazine.com
CVE-2020-12801 - If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format ...
1 year ago
Microsoft to let Windows 10 home users buy Extended Security Updates - Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. After Windows 10 reaches the end of support on October ...
1 year ago Bleepingcomputer.com
Microsoft to let Windows 10 home users buy Extended Security Updates - Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. After Windows 10 reaches the end of support on October ...
1 year ago Bleepingcomputer.com
Reverse, Reveal, Recover: Windows Defender Quarantine Forensics - Windows Defender places malicious files into quarantine upon detection. Fox-IT's open-source digital forensics and incident response framework Dissect can now recover this metadata, in addition to recovering quarantined files from the Windows ...
1 year ago Blog.fox-it.com
Windows 11 to let admins mandate SMB encryption for outbound connections - Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel. SMB encryption provides data end-to-end encryption and ...
1 year ago Bleepingcomputer.com
Creating a New Market for Post-Quantum Cryptography - A day in the busy life of any systems integrator includes many actions that revolve around the lifeblood of its business - its customers. Systems integrators help solve evolving customer business challenges, which in turn adds partner value. It's a ...
1 year ago Securityboulevard.com
CVE-2019-9855 - LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify ...
2 years ago
Windows Security in 2025: Battling Sophisticated Threats with Advanced Defenses - As threat actors adapt their techniques, Microsoft has responded with significant security enhancements while organizations navigate a complex threat environment dominated by privilege escalation attacks and driver vulnerabilities. This Windows ...
2 months ago Cybersecuritynews.com CVE-2025-0289
LibreOffice Vulnerabilities Let Attackers Write to Arbitrary File & Extract Values - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. For enterprises, integrating security tools like intrusion detection systems (IDS) to monitor LibreOffice’s file operations ...
4 months ago Cybersecuritynews.com
Analysis of OT cyberattacks and malwares - Let's find the answer to all the questions by looking into some history of OT attacks and malware. We systematically categorize the attacks into direct and indirect vectors. Direct attacks are those that target OT systems through the exploitation of ...
1 year ago Securityboulevard.com
Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids - Cyber Defense Magazine - Network Intrusion: Network communication systems of power and smart grids can be intruded through weak security configurations like default password, unsecured remote access, or unpatched systems and other vulnerabilities to gain control into the ...
9 months ago Cyberdefensemagazine.com
CVE-2019-9850 - LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify ...
2 years ago
Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
2 years ago Bleepingcomputer.com
CVE-2023-2255 - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used ...
1 year ago
Microsoft fixes Copilot issue blocking Windows 11 upgrades - Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. On Windows systems with more than one ...
1 year ago Bleepingcomputer.com CVE-2024-20666
CVE-2021-25634 - LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation ...
3 years ago
CVE-2021-25635 - An Improper Certificate Validation vulnerability in LibreOffice allowed ...
3 months ago
CVE-2021-25633 - LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)