CVE-2025-64407

5.3 MEDIUM

📋 TL;DR

Apache OpenOffice versions through 4.1.15 have an authorization vulnerability where specially crafted documents can automatically load external links without user permission. This allows attackers to exfiltrate system information like environment variables and configuration settings. All users of affected OpenOffice versions are vulnerable.

💻 Affected Systems

Products:
  • Apache OpenOffice
Versions: through 4.1.15
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. The vulnerability requires a user to open a malicious document.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive system configuration data, environment variables, and potentially credentials are exfiltrated to attacker-controlled servers, leading to further system compromise.

🟠 Likely Case

System information leakage including environment variables, configuration settings, and potentially user data is transmitted to external servers without user knowledge.

🟢 If Mitigated

With proper network segmentation and egress filtering, data exfiltration attempts are blocked, limiting impact to information disclosure within the local network.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (opening a malicious document). The vulnerability is similar to CVE-2024-12426 in LibreOffice.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.16

Vendor Advisory: https://www.openoffice.org/security/cves/CVE-2025-64407.html

Restart Required: No

Instructions:

1. Download Apache OpenOffice 4.1.16 from the official website.
2. Run the installer.
3. Follow installation prompts to upgrade.
4. Verify the new version is installed.

🔧 Temporary Workarounds

Disable automatic link loading (platforms: all)

Configure OpenOffice to prompt before loading external links

Network egress filtering (platforms: all)

Block outbound connections from OpenOffice to external servers

🧯 If You Can't Patch

  • Use LibreOffice instead of Apache OpenOffice
  • Implement strict document handling policies and only open documents from trusted sources

🔍 How to Verify

Check if Vulnerable:

Check OpenOffice version in Help → About Apache OpenOffice

Check Version:

OpenOffice --version (Linux/macOS) or check Help → About (Windows)

Verify Fix Applied:

Verify version is 4.1.16 or higher in Help → About Apache OpenOffice

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound network connections from OpenOffice process
  • Multiple failed attempts to access external resources

Network Indicators:

  • Outbound HTTP/HTTPS requests to unusual domains from OpenOffice
  • Data exfiltration patterns from OpenOffice process

SIEM Query:

process_name:"soffice.bin" AND destination_ip:external AND (http_request OR https_request)
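
The query above is pseudocode. The same logic as an added Python example (not from the advisory or from Apache), run over constructed JSON connection events. The field names `process_name`, `destination_ip` and `destination_port`, the internal network list, and the use of ports 80/443 as a stand-in for HTTP/HTTPS requests are assumptions to adapt to your own telemetry.

```python
import ipaddress
import json

# Assumption: networks treated as internal; adjust to your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
WEB_PORTS = (80, 443)           # assumption: stands in for http/https requests
OFFICE_PROCESS = "soffice.bin"  # process name from the query above


def is_external(ip_text):
    """True if the address parses and lies outside every internal network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def find_office_egress(log_lines):
    """Return events where soffice.bin made a web connection to an external IP."""
    hits = []
    for line in log_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(ev, dict):
            continue
        # Accept a bare process name or a full Windows/POSIX image path.
        image = str(ev.get("process_name", "")).replace("\\", "/")
        name = image.rsplit("/", 1)[-1].lower()
        if (name == OFFICE_PROCESS
                and ev.get("destination_port") in WEB_PORTS
                and is_external(ev.get("destination_ip", ""))):
            hits.append(ev)
    return hits


SAMPLE = [  # constructed sample events, not real telemetry
    r'{"host":"ws01","process_name":"C:\\OpenOffice 4\\program\\soffice.bin","destination_ip":"203.0.113.10","destination_port":443}',
    '{"host":"ws02","process_name":"soffice.bin","destination_ip":"192.168.1.20","destination_port":80}',
    '{"host":"ws03","process_name":"firefox","destination_ip":"198.51.100.7","destination_port":443}',
    '{"host":"ws04","process_name":"/opt/openoffice4/program/soffice.bin","destination_ip":"198.51.100.7","destination_port":80}',
    '{"host":"ws05","process_name":"soffice.bin","destination_ip":"203.0.113.10","destination_port":53}',
    '{"host":"ws06","process_name":"soffice.bin","destina',
]

print([e["host"] for e in find_office_egress(SAMPLE)])  # ['ws01', 'ws04']
```

Matching on destination port alone misses HTTP on non-standard ports, so pair this with proxy or DNS logs where they are available.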
