Published: 04/03/2025 Updated: 04/03/2025

LibreOffice URI Scheme Vulnerability Enables Arbitrary Macro Execution

A vulnerability exists in LibreOffice related to Office URI Schemes and browser integration with MS SharePoint server. The issue involves the 'vnd.libreoffice.command' scheme specific to LibreOffice. An attacker could craft a malicious link in a browser using this scheme that contains an embedded inner URL. When passed to LibreOffice, this link could potentially trigger internal macros with arbitrary arguments. The vulnerability impacts LibreOffice versions from 24.8 before 24.8.5 and from 25.2 before 25.2.1. Users of these specific LibreOffice versions should update to the latest patched release to mitigate this security risk.

Vulnerable Product	Search on Vulmon	Subscribe to Product
the document foundation libreoffice

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server An additional scheme 'vndlibreofficecommand' specific to LibreOffice was added In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffic ...

CWE-20 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALASLIBREOFFICE-2025-006.html https://www.first.org/epss https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2025-1080

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect