CVE-2025-64404

7.5 HIGH

📋 TL;DR

Apache OpenOffice versions through 4.1.15 have a missing authorization vulnerability that allows attackers to craft documents that automatically load external files without user permission. This occurs when documents use background fill images or bullet images linked to external files. All users running affected versions are vulnerable.

💻 Affected Systems

Products:
  • Apache OpenOffice
Versions: through 4.1.15
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. The vulnerability requires user interaction (opening a malicious document).

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could embed malicious content from external sources, potentially leading to remote code execution, data exfiltration, or system compromise when a user opens a crafted document.

🟠 Likely Case

Attackers could load malicious scripts or content from attacker-controlled servers, leading to information disclosure, phishing attacks, or malware delivery.

🟢 If Mitigated

With proper network segmentation and user awareness, the impact is limited to potential information disclosure from internal network resources.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to open a malicious document. The vulnerability is straightforward to exploit once a malicious document is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.16

Vendor Advisory: https://www.openoffice.org/security/cves/CVE-2025-64404.html

Restart Required: Yes

Instructions:

1. Download Apache OpenOffice 4.1.16 from the official website
2. Close all OpenOffice applications
3. Run the installer to upgrade
4. Restart the system if prompted

🔧 Temporary Workarounds

Disable external content loading (platforms: all)

Configure OpenOffice to block external content loading through security settings

Use alternative office suite (platforms: all)

Temporarily use LibreOffice or other office suites until patched

🧯 If You Can't Patch

  • Implement strict document handling policies: only open documents from trusted sources
  • Use network segmentation to restrict outbound connections from OpenOffice to untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check OpenOffice version in Help > About Apache OpenOffice

Check Version:

OpenOffice --version (Linux) or check Help > About (Windows/macOS)

Verify Fix Applied:

Verify version is 4.1.16 or higher in Help > About Apache OpenOffice

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound network connections from OpenOffice process
  • Multiple failed attempts to load external resources

Network Indicators:

  • HTTP/HTTPS requests to unusual domains from OpenOffice user agents
  • Unexpected file downloads triggered by OpenOffice

SIEM Query:

process_name:"soffice.bin" AND (destination_ip:external_network OR url_contains:"http")
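
A triage check for stored documents, as an added example (not from the advisory or the Apache OpenOffice project): it lists fill-image and image-bullet links in an ODF package that do not resolve to a file inside the package. The element names `draw:fill-image` and `text:list-level-style-image` come from the OpenDocument format and are an assumption here, since the page names no elements; the sample package and the `files.example.test` URL are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
DRAW = "urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
TEXT = "urn:oasis:names:tc:opendocument:xmlns:text:1.0"
# Assumed ODF elements for fill images and image bullets (not named on the page).
WATCHED = {f"{{{DRAW}}}fill-image", f"{{{TEXT}}}list-level-style-image"}
MAX_PART = 20 * 1024 * 1024  # refuse oversized XML parts (zip-bomb guard)


def find_external_images(odf_file):
    """Return sorted (part, element, href) for links that leave the package."""
    hits = []
    with zipfile.ZipFile(odf_file) as pkg:
        members = set(pkg.namelist())
        for part in ("content.xml", "styles.xml"):
            if part not in members:
                continue
            if pkg.getinfo(part).file_size > MAX_PART:
                raise ValueError(f"{part}: too large to scan safely")
            data = pkg.read(part)
            if b"<!DOCTYPE" in data:  # ODF parts carry no DTD; avoid entity tricks
                raise ValueError(f"{part}: unexpected DTD")
            for elem in ET.fromstring(data).iter():
                href = elem.get(XLINK_HREF)
                # Embedded images resolve to a member such as Pictures/x.png.
                if elem.tag in WATCHED and href and href.removeprefix("./") not in members:
                    hits.append((part, elem.tag.split("}")[1], href))
    return sorted(hits)


def build_sample():
    """Constructed test package: one embedded fill image, two external links."""
    styles = (
        f'<s xmlns:draw="{DRAW}" xmlns:text="{TEXT}" xmlns:xlink="http://www.w3.org/1999/xlink">'
        '<draw:fill-image draw:name="a" xlink:href="Pictures/bg.png"/>'
        '<draw:fill-image draw:name="b" xlink:href="http://files.example.test/bg.png"/>'
        '<text:list-level-style-image text:level="1" xlink:href="../shared/dot.png"/></s>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("styles.xml", styles)
        z.writestr("Pictures/bg.png", b"")
    return buf


if __name__ == "__main__":
    for hit in find_external_images(build_sample()):
        print(hit)
```

A hit means the document links an image outside its own package, not that it is malicious; flat-XML ODF files (for example `.fodt`) are not ZIP packages and are not covered.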
