CVE-2025-64405
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-13
Assigner: Apache Software Foundation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | openoffice | up to 4.1.16 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Apache OpenOffice allows an attacker to create a document with external links that load automatically without user permission. Specifically, a Calc spreadsheet with DDE links to external files can load those files' contents without prompting the user, due to missing authorization checks.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized loading of external content when opening a crafted Apache OpenOffice document, potentially exposing the user to malicious data or privacy risks without their knowledge or consent.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Apache OpenOffice to version 4.1.16 or later, as this version fixes the missing authorization vulnerability that allows external links to be loaded without a prompt.