CVE-2024-6472

7.8 HIGH

📋 TL;DR

This vulnerability in LibreOffice's certificate validation UI could allow users to inadvertently run malicious signed macros when certificate verification fails: the dialog did not clearly communicate that verification had failed, so users could enable the macros anyway. It affects LibreOffice versions 24.2 through 24.2.4.

💻 Affected Systems

Products:
  • LibreOffice
Versions: 24.2 through 24.2.4
Operating Systems: All platforms running LibreOffice
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects documents with signed macros where certificate verification fails.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: User executes a malicious macro thinking it is properly signed, leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case: User accidentally enables a macro with an invalid certificate, potentially executing unwanted code or scripts.

🟢 If Mitigated: User sees a clear warning and rejects the macro, preventing execution of potentially malicious content.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious document, but common in office workflows.
🏢 Internal Only: MEDIUM - Similar risk internally if users handle untrusted documents.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires user interaction, but only simple social engineering.

Exploitation requires the user to open a malicious document and choose to enable macros despite the verification failure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.2.5 or later

Vendor Advisory: https://www.libreoffice.org/about-us/security/advisories/CVE-2024-6472

Restart Required: Yes

Instructions:

1. Open LibreOffice
2. Go to Help → Check for Updates
3. Follow prompts to update to 24.2.5 or later
4. Restart LibreOffice after update

🔧 Temporary Workarounds

Disable macro execution (applies to: all)

Prevent all macros from running regardless of signature status.

Tools → Options → Security → Macro Security → Set to 'Very High' (no macros). Note that 'Very High' still permits macros from locations listed under Trusted File Locations, so keep that list empty.

User training (applies to: all)

Train users to never enable macros from untrusted sources.

🧯 If You Can't Patch

  • Disable macro execution entirely in LibreOffice settings
  • Use alternative office software temporarily
  • Implement application whitelisting to block LibreOffice

🔍 How to Verify

Check if Vulnerable:

Check LibreOffice version in Help → About LibreOffice

Check Version:

Run libreoffice --version from a terminal (Linux/macOS) or open Help → About LibreOffice (Windows).

Verify Fix Applied:

Confirm version is 24.2.5 or higher in Help → About LibreOffice
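To make the version check above scriptable, here is an added example (not from the advisory and not LibreOffice's own tooling) that parses a libreoffice --version string and reports whether it falls in the affected 24.2 through 24.2.4 range; the sample version strings are constructed, and check_installed_libreoffice assumes a libreoffice binary on PATH.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify a LibreOffice version
# string against the affected range 24.2 .. 24.2.4 (fixed in 24.2.5).
# Exit status: 0 = affected, 1 = not affected, 2 = no version found.
lo_version_affected() {
    # Take the first dotted version token,
    # e.g. "LibreOffice 24.2.3.2 420(Build:2)" -> 24.2.3.2
    ver=$(printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)*' | head -n 1)
    [ -n "$ver" ] || return 2

    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    if [ "$rest" = "$minor" ]; then
        patch=0                      # a bare "24.2" means 24.2.0
    else
        rest=${rest#*.}
        patch=${rest%%.*}
    fi

    # Only the 24.2.x line is affected, and only up to 24.2.4.
    [ "$major" -eq 24 ] && [ "$minor" -eq 2 ] && [ "$patch" -le 4 ]
}

# Check the locally installed copy (assumes "libreoffice" is on PATH).
check_installed_libreoffice() {
    if ! command -v libreoffice >/dev/null 2>&1; then
        echo "libreoffice not found on PATH; check Help -> About LibreOffice instead"
        return 2
    fi
    out=$(libreoffice --version 2>/dev/null | head -n 1)
    lo_version_affected "$out"
    case $? in
        0) echo "AFFECTED by CVE-2024-6472: $out (update to 24.2.5 or later)"; return 0 ;;
        1) echo "Not in the affected range: $out"; return 1 ;;
        *) echo "Could not parse a version from: $out"; return 2 ;;
    esac
}

# Usage: sh check_lo.sh --check
case "${1:-}" in
    --check) check_installed_libreoffice ;;
esac
```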

📡 Detection & Monitoring

Log Indicators:

  • LibreOffice crash logs
  • System logs showing unexpected process execution after LibreOffice use

Network Indicators:

  • Unexpected outbound connections after opening documents

SIEM Query:

source="libreoffice" AND (event="macro_execution" OR event="certificate_verification_failure")
