CVE-2025-64403

8.1 HIGH

📋 TL;DR

Apache OpenOffice Calc has a missing authorization vulnerability that allows attackers to craft documents with external data source links that load without user prompts. This affects all Apache OpenOffice users through version 4.1.15, potentially enabling unauthorized file access or data exfiltration.

💻 Affected Systems

Products:
  • Apache OpenOffice
Versions: through 4.1.15
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable when processing Calc spreadsheets with external data sources.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could load malicious files from external sources, potentially leading to remote code execution, data theft, or lateral movement within networks.

🟠 Likely Case

Unauthorized access to sensitive files or data exfiltration through crafted documents, potentially leading to information disclosure.

🟢 If Mitigated

With proper controls, the risk is limited to document processing within isolated environments, preventing external network access.

🌐 Internet-Facing: MEDIUM - Documents can be distributed via email or web, but requires user interaction to open malicious files.
🏢 Internal Only: MEDIUM - Internal document sharing could spread malicious files, but still requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to open a malicious document. No public exploit code has been disclosed as of the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.16

Vendor Advisory: https://www.openoffice.org/security/cves/CVE-2025-64403.html

Restart Required: Yes

Instructions:

1. Download Apache OpenOffice 4.1.16 from the official website.
2. Close all OpenOffice applications.
3. Run the installer and follow the upgrade prompts.
4. Restart the system to ensure the update is complete.

🔧 Temporary Workarounds

Disable external data sources (all platforms): Configure OpenOffice to block or prompt for all external data source connections.

Use an alternative office suite (all platforms): Temporarily use LibreOffice or other office software until patched.

🧯 If You Can't Patch

  • Restrict document processing to isolated environments without internet access
  • Implement strict email filtering for .ods files and user education about suspicious documents

🔍 How to Verify

Check if Vulnerable:

Check Help → About Apache OpenOffice and verify version is 4.1.15 or earlier

Check Version:

OpenOffice --version (Linux/macOS) or check About dialog (Windows)

Verify Fix Applied:

Confirm version shows 4.1.16 or later in Help → About

📡 Detection & Monitoring

Log Indicators:

  • Unusual external file access attempts from OpenOffice processes
  • Multiple failed authorization attempts

Network Indicators:

  • Unexpected outbound connections from OpenOffice to external resources

SIEM Query:

process_name:"soffice.bin" AND (network_connection:* OR file_access:*)
