FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libreoffice -- Macro URL arbitrary script execution

Affected packages
24.8 <= libreoffice < 24.8.5
25.2 <= libreoffice < 25.2.1

Details

VuXML ID a86f9189-fdd9-11ef-91ff-b42e991fc52e
Discovery 2025-03-04
Entry 2025-03-10

security@documentfoundation.org reports:

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.

References

CVE Name CVE-2025-1080
URL https://nvd.nist.gov/vuln/detail/CVE-2025-1080