CVE-2025-0514

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.libreoffice.org/about-us/security/advisories/cve-2025-0514	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*

History

10 Dec 2025, 19:21

Type	Values Removed	Values Added
CPE		cpe:2.3:a:libreoffice:libreoffice::::::::
Summary		(es) La vulnerabilidad de validación de entrada incorrecta en The Document Foundation LibreOffice permite que los destinos de hipervínculos ejecutables de Windows se ejecuten incondicionalmente durante la activación. Este problema afecta a LibreOffice: desde la versión 24.8 hasta la versión < 24.8.5.
References	~~() https://www.libreoffice.org/about-us/security/advisories/cve-2025-0514 -~~	() https://www.libreoffice.org/about-us/security/advisories/cve-2025-0514 - Vendor Advisory
First Time		Libreoffice libreoffice Libreoffice
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		NVD-CWE-noinfo

25 Feb 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-25 22:15

Updated : 2025-12-10 19:21

NVD link : CVE-2025-0514

Mitre link : CVE-2025-0514

CVE.ORG link : CVE-2025-0514

JSON object : View

Products Affected

libreoffice

libreoffice

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2025-0514", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security@documentfoundation.org", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.2, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-25T22:15:14.887", "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-0514", "tags": ["Vendor Advisory"], "source": "security@documentfoundation.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@documentfoundation.org", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5."}, {"lang": "es", "value": "La vulnerabilidad de validaci\u00f3n de entrada incorrecta en The Document Foundation LibreOffice permite que los destinos de hiperv\u00ednculos ejecutables de Windows se ejecuten incondicionalmente durante la activaci\u00f3n. Este problema afecta a LibreOffice: desde la versi\u00f3n 24.8 hasta la versi\u00f3n < 24.8.5."}], "lastModified": "2025-12-10T19:21:24.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D84D9AF-1B4C-46E6-8815-DF81A593E682", "versionEndExcluding": "24.8.5.1", "versionStartIncluding": "24.8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@documentfoundation.org"}