CVE-2025-0514

7.8 HIGH

📋 TL;DR

This vulnerability in LibreOffice allows attackers to execute arbitrary Windows executables through malicious hyperlinks. When a user clicks on a specially crafted hyperlink in a document, the executable runs without warning or validation. This affects LibreOffice users on Windows systems running vulnerable versions.

💻 Affected Systems

Products:
  • LibreOffice
Versions: 24.8.0 through 24.8.4
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows versions of LibreOffice. Linux and macOS versions are not vulnerable to this specific issue.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via arbitrary code execution, potentially leading to ransomware deployment, data theft, or persistent backdoor installation.

🟠

Likely Case

Malware installation or credential theft when users open malicious documents containing weaponized hyperlinks.

🟢

If Mitigated

No impact if users avoid clicking suspicious hyperlinks or if proper security controls block malicious documents.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious documents, but these can be distributed via email or downloads.
🏢 Internal Only: MEDIUM - Internal phishing campaigns or shared malicious documents could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (clicking hyperlink) and Windows environment. No authentication bypass needed beyond document access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.8.5 or later

Vendor Advisory: https://www.libreoffice.org/about-us/security/advisories/cve-2025-0514

Restart Required: No

Instructions:

1. Open LibreOffice.
2. Go to Help > Check for Updates.
3. Follow prompts to update to version 24.8.5 or later.
4. Alternatively, download latest version from official LibreOffice website.

🔧 Temporary Workarounds

Disable hyperlink execution

windows

Configure LibreOffice to disable execution of hyperlinks to executable files

Use Protected View

all

Configure LibreOffice to open all documents from untrusted sources in Protected View mode

🧯 If You Can't Patch

  • Implement application whitelisting to block unauthorized executable execution
  • Use email/web gateways to block documents with executable hyperlinks

🔍 How to Verify

Check if Vulnerable:

Check the LibreOffice version via Help > About LibreOffice. If the version is between 24.8.0 and 24.8.4 on Windows, the system is vulnerable.

Check Version:

Not applicable - use GUI method via Help > About LibreOffice

Verify Fix Applied:

After update, verify version is 24.8.5 or later in Help > About LibreOffice.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing unexpected process execution from LibreOffice
  • LibreOffice logs showing hyperlink activation to .exe files

Network Indicators:

  • Outbound connections from LibreOffice to suspicious domains after hyperlink activation

SIEM Query:

Process creation where parent process contains 'soffice' AND command line contains '.exe'
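
The SIEM query above, applied to constructed process-creation events as an added example (not code from this advisory or from LibreOffice). Field names follow Sysmon Event ID 1; the install-directory exclusion and all sample paths are assumptions.

```python
import ntpath

# Assumption: LibreOffice's own binaries live here; children started from this
# directory are skipped so the suite's normal start-up does not raise alerts.
LO_PROGRAM_DIR = r"c:\program files\libreoffice\program"


def is_suspicious(event):
    """Page's query: parent process contains 'soffice' AND command line
    contains '.exe', minus LibreOffice's own child processes."""
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    image = event.get("Image", "").lower()
    cmdline = event.get("CommandLine", "").lower()
    if "soffice" not in parent or ".exe" not in cmdline:
        return False
    return ntpath.dirname(image) != LO_PROGRAM_DIR


def triage(events):
    """Return the Image path of every event that matches."""
    return [e.get("Image", "") for e in events if is_suspicious(e)]


# Constructed sample events using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {  # LibreOffice launcher starting its own worker: expected, skipped
        "ParentImage": r"C:\Program Files\LibreOffice\program\soffice.exe",
        "Image": r"C:\Program Files\LibreOffice\program\soffice.bin",
        "CommandLine": r'"C:\Program Files\LibreOffice\program\soffice.exe" --writer',
    },
    {  # executable outside the install directory started by LibreOffice: flagged
        "ParentImage": r"C:\Program Files\LibreOffice\program\SOFFICE.BIN",
        "Image": r"C:\Users\alice\Downloads\viewer.exe",
        "CommandLine": r'"C:\Users\alice\Downloads\viewer.exe"',
    },
    {  # same executable started from Explorer: parent does not match
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Users\alice\Downloads\viewer.exe",
        "CommandLine": r'"C:\Users\alice\Downloads\viewer.exe"',
    },
]

if __name__ == "__main__":
    for image in triage(SAMPLE_EVENTS):
        print("ALERT: LibreOffice spawned", image)
```

Without the install-directory exclusion, the first sample event would also match the query as written, so tune that path to the actual deployment before alerting on it.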
