CVE-2025-64401
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-13
Assigner: Apache Software Foundation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | openoffice | before 4.1.16 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Apache OpenOffice involves a missing authorization check that allows an attacker to create a document with "floating frames" linked to external files. When such a document is opened, the contents of these external links are loaded automatically without prompting the user for permission.
How can this vulnerability impact me?
The vulnerability can impact you by causing your Apache OpenOffice to load external content without your consent, potentially exposing your system to malicious content or leaking information through automatic external requests.
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade Apache OpenOffice to version 4.1.16, which fixes the issue.
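A defensive check for the floating-frame behaviour described above, as an added example that is not part of the original page or of Apache OpenOffice: it scans an ODF package for `draw:floating-frame` elements whose `xlink:href` points outside the package. The element and attribute names come from the ODF specification; the internal/external heuristic, the size cap and the sample document are assumptions constructed here.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

DRAW = "urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
XLINK = "http://www.w3.org/1999/xlink"
OFFICE = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
MAX_PART_BYTES = 50 * 1024 * 1024  # assumed cap so an oversized part is skipped

def is_external(href):
    # Assumption: "./..." and bare relative names are objects inside the package;
    # anything with a scheme (http, file, a drive letter) or leaving the package is external.
    return bool(urlparse(href).scheme) or href.startswith(("/", "../"))

def find_external_frames(odf_bytes):
    """Return (part, frame name, href) for each floating frame with an external target."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        for part in ("content.xml", "styles.xml"):
            if part not in pkg.namelist():
                continue
            if pkg.getinfo(part).file_size > MAX_PART_BYTES:
                continue
            # For untrusted files at scale, swap in a hardened XML parser.
            root = ET.fromstring(pkg.read(part))
            for frame in root.iter(f"{{{DRAW}}}floating-frame"):
                href = frame.get(f"{{{XLINK}}}href", "")
                if is_external(href):
                    hits.append((part, frame.get(f"{{{DRAW}}}frame-name", ""), href))
    return hits

def build_sample():
    """Constructed sample: one frame linked to a remote URL, one to an embedded object."""
    content = (
        f'<office:document-content xmlns:office="{OFFICE}" '
        f'xmlns:draw="{DRAW}" xmlns:xlink="{XLINK}"><office:body><office:text>'
        '<draw:frame><draw:floating-frame draw:frame-name="remote" '
        'xlink:href="https://example.invalid/track.html"/></draw:frame>'
        '<draw:frame><draw:floating-frame draw:frame-name="embedded" '
        'xlink:href="./Object 1"/></draw:frame>'
        '</office:text></office:body></office:document-content>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("content.xml", content)
    return buf.getvalue()

if __name__ == "__main__":
    for part, name, href in find_external_frames(build_sample()):
        print(f"{part}: floating frame {name!r} loads {href}")
```

Run against documents received from outside the organisation, this flags files that would trigger the automatic load on versions before 4.1.16.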