CVE-2025-64405

7.5 HIGH

📋 TL;DR

Apache OpenOffice versions through 4.1.15 have a missing authorization vulnerability where specially crafted Calc spreadsheets containing DDE links can automatically load external files without user consent. This allows attackers to potentially access sensitive data from the victim's system. All users running affected OpenOffice versions are vulnerable.

💻 Affected Systems

Products:
  • Apache OpenOffice
Versions: through 4.1.15
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Calc spreadsheets with DDE links. Other document types are not affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could exfiltrate sensitive local files (including credentials, documents, configuration files) from the victim's system by embedding malicious DDE links in a spreadsheet.

🟠

Likely Case

Targeted attacks where victims open malicious spreadsheets could lead to unauthorized file access and data leakage.

🟢

If Mitigated

With proper user awareness and file validation, the risk is limited to accidental exposure of non-critical files.

🌐 Internet-Facing: MEDIUM - Attackers can distribute malicious documents via email or websites, but requires user interaction to open.
🏢 Internal Only: MEDIUM - Internal spear-phishing campaigns could exploit this, but still requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (opening a malicious document). No authentication bypass needed beyond the missing authorization for DDE links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.16

Vendor Advisory: https://www.openoffice.org/security/cves/CVE-2025-64405.html

Restart Required: Yes

Instructions:

1. Download Apache OpenOffice 4.1.16 from the official website.
2. Close all OpenOffice applications.
3. Run the installer and follow the prompts.
4. Restart the computer if prompted.

🔧 Temporary Workarounds

Disable DDE links
Platform: all
Configure OpenOffice to disable DDE link processing.
Command: Not applicable - requires GUI configuration in Tools > Options > Security

Use LibreOffice
Platform: all
Switch to LibreOffice, which is not affected by this vulnerability.
Commands:
  sudo apt install libreoffice (Linux)
  Download from https://www.libreoffice.org/ (Windows/macOS)

🧯 If You Can't Patch

  • Educate users to never open untrusted OpenOffice documents, especially .ods files
  • Implement application whitelisting to block execution of older OpenOffice versions

🔍 How to Verify

Check if Vulnerable:

Check OpenOffice version via Help > About Apache OpenOffice. If version is 4.1.15 or earlier, you are vulnerable.

Check Version:

OpenOffice --version (Linux/macOS) or check via Help menu (all platforms)

Verify Fix Applied:

After upgrading, verify version shows 4.1.16 or later in Help > About.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from OpenOffice process
  • Multiple DDE connection attempts in system logs

Network Indicators:

  • Unexpected outbound connections from OpenOffice to external resources

SIEM Query:

process_name:"soffice.bin" AND (file_access:* OR network_connection:*)
