CVE-2025-64403
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
2Description
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.
Analysis
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. Affected products include: Apache Openoffice. Version information: through 4.1.15..
Affected Products
Apache Openoffice.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today