Unrated severityNVD Advisory· Published Feb 25, 2025· Updated Feb 25, 2025

Executable hyperlink Windows path targets executed unconditionally on activation

CVE-2025-0514

Description

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.

Affected products

The Document Foundation/Libreoffice Onlinellm-fuzzy2 versions
<24.8.5+ 1 more
- (no CPE)range: <24.8.5
- (no CPE)range: 24.8
osv-coords4 versions
pkg:deb/ubuntu/libreoffice@1:6.4.7-0ubuntu0.20.04.13?arch=source&distro=focal pkg:deb/ubuntu/libreoffice@1:7.3.7-0ubuntu0.22.04.8?arch=source&distro=jammy pkg:deb/ubuntu/libreoffice@4:24.2.7-0ubuntu0.24.04.2?arch=source&distro=noble pkg:deb/ubuntu/libreoffice@4:24.8.4-0ubuntu0.24.10.2?arch=source&distro=oracular
>= 0+ 3 more
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.libreoffice.org/about-us/security/advisories/cve-2025-0514mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000