Security vulnerability in LibreOffice puts Windows users at risk
Attackers can potentially execute malicious code using specially crafted hyperlinks in documents.
There is a vulnerability in the widely used free office suite LibreOffice that allows attackers to execute malicious code on third-party Windows systems. All that is required is to open a specially crafted hyperlink in a document on the target system. The vulnerability is registered as CVE-2025-0514 and has a high severity level with a CVSS value of 7.2.
LibreOffice has a function that allows hyperlinks to be opened directly with one click while holding down the Ctrl key. As the developers of the office suite explain, the link is passed to the ShellExecute function of the Windows operating system.
LibreOffice blocks links to executable files so that merely opening a link cannot lead to potentially dangerous code execution. However, CVE-2025-0514 may allow the mechanism responsible for this to be bypassed, for example to execute malware.
A patch is available
According to the security report, the vulnerability can be exploited by using special non-file URLs, which are interpreted by ShellExecute as Windows file paths. However, the LibreOffice developers do not explain what these URLs look like in detail. According to the information, LibreOffice versions 24.8.0 up to and including 24.8.4 are affected.
The vulnerability was closed with . Users are advised to update the office suite promptly in order to protect themselves against possible attacks. The latest version can be downloaded. The developers do not say whether the newer LibreOffice 25.2 is affected.
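
For triage against the affected range stated above, the following added example (not from the article or the LibreOffice project) classifies rows of a software inventory. The `LibreOffice <version>` display-name format, the hostnames and the sample rows are assumptions constructed for illustration.

```python
import re

# Affected range as stated in the article: 24.8.0 up to and including 24.8.4.
AFFECTED_MIN = (24, 8, 0)
AFFECTED_MAX = (24, 8, 4)
# Release line for which, per the article, the developers gave no information.
NO_STATEMENT_LINE = (25, 2)

# Assumed display-name format: "LibreOffice <major>.<minor>.<micro>[.<build>]".
VERSION_RE = re.compile(r"LibreOffice\s+(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", re.IGNORECASE)


def classify(display_name):
    """Return 'affected', 'no-statement', 'not-listed' or 'unparsed'."""
    m = VERSION_RE.search(display_name)
    if not m:
        return "unparsed"  # needs manual review, never silently treated as safe
    version = tuple(int(x) for x in m.groups())  # build number is ignored
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    if version[:2] == NO_STATEMENT_LINE:
        return "no-statement"
    return "not-listed"


def triage(inventory):
    """Group hosts from (host, display_name) rows by classification."""
    result = {}
    for host, name in inventory:
        result.setdefault(classify(name), []).append(host)
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("ws-001", "LibreOffice 24.8.4.2"),
    ("ws-002", "LibreOffice 24.8.0.3"),
    ("ws-003", "LibreOffice 24.2.7.2"),
    ("ws-004", "LibreOffice 25.2.0.3"),
    ("ws-005", "LibreOffice 24.8.5.2"),
    ("ws-006", "LibreOffice (unknown build)"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:13} {', '.join(hosts)}")
```

Hosts in the `unparsed` and `no-statement` groups need a manual check, since the article gives no basis for calling them either affected or safe.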