LibreOffice is a well-liked open supply Workplace suite that’s utilized by hundreds of thousands of customers as an alternative choice to Microsoft Workplace. We’ve got adopted LibreOffice for nearly 15 years right here on this weblog. The builders of the free instrument have simply confirmed a brand new safety problem in LibreOffice that impacts customers on Home windows solely.
The small print:
- LibreOffice 24.8 to 24.8.4 are affected by the difficulty.
- Attackers could exploit the difficulty to launch executable information when customers activate hyperlinks in LibreOffice paperwork.
- The severity is excessive.
In regards to the vulnerability
LibreOffice paperwork could include hyperlinks. Customers could open the hyperlinks instantly by holding down the Ctrl-key earlier than left-clicking on a hyperlink. The Workplace suite consists of protections in opposition to launching executable information instantly from hyperlinks.
How it’s triggered: customers do have to actively Ctrl-click on hyperlinks in LibreOffice paperwork to set off the vulnerability.
The vulnerability CVE-2025-0514 is a bypass that enables attackers to create specifically crafted paperwork that include hyperlinks that will run executable information on the goal system.
LibreOffice explains that the built-in “mechanism could possibly be bypassed by use of non-file URLs that could possibly be interpreted by ShellExecute as Home windows file paths”.
Good to know: ShellExecute is a Home windows perform for launching functions.
Resolution: set up the replace to LibreOffice 24.8.5
A brand new model of LibreOffice was launched final week that fixes the safety problem by blocking means to bypass the hyperlink protections.
LibreOffice 24.8.5 is offered and customers are inspired to put in the brand new model on their gadgets, particularly in the event that they run the software program on a Home windows PC.
Downloads are supplied on the official mission web site. Notice that LibreOffice 24.8.x is the earlier secure department of the open Workplace suite. You might also obtain and set up LibreOffice 25.2.1, which is the present secure model.
Notice that the builders don’t point out LibreOffice 25.2.1 within the context of the vulnerability. This implies that the newest model can also be — seemingly — not affected by the vulnerability.
Abstract
Article Title
LibreOffice: Home windows vulnerability impacts hyperlinks in paperwork, patch obtainable
Description
A brand new LibreOffice vulnerability was disclosed that impacts Home windows customers. Learn the way it’s exploited and what you are able to do about it.
Writer
Martin Brinkmann
Writer
Ghacks Expertise Information
Emblem
Commercial
:quality(85):upscale()/2025/02/27/808/n/1922398/26784cf967c0adcd4c0950.54527747_.jpg "A Bruja’s Guide to Navigating Eclipse Season")
