CVE-2025-64405
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-13

Assigner: Apache Software Foundation

Description
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to external files would load the contents of those files without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-13
Generated
2026-06-16
AI Q&A
2025-11-12
EPSS Evaluated
2026-06-14
NVD
CVE-2025-64405
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache openoffice to 4.1.16 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Apache OpenOffice allows an attacker to create a document with external links that load automatically without user permission. Specifically, a Calc spreadsheet with DDE links to external files can load those files' contents without prompting the user, due to missing authorization checks.

Impact Analysis

The vulnerability can lead to unauthorized loading of external content when opening a crafted Apache OpenOffice document, potentially exposing the user to malicious data or privacy risks without their knowledge or consent.

Mitigation Strategies

Upgrade Apache OpenOffice to version 4.1.16 or later, as this version fixes the missing Authorization vulnerability that allows external links to be loaded without prompt.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64405. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart