CVE-2025-1080

Published Mar 4, 2025

Last updated 3 months ago

CVSS high 7.2

Overview

Description
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.
Source
security@documentfoundation.org
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
7.2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

security@documentfoundation.org
CWE-20

Social media

Hype score
Not currently trending

  1. #Vulnerability #CVE20251080 CVE-2025-1080: LibreOffice Patches Security Flaw Allowing Arbitrary Script Execution https://t.co/Nophdl0bkI

    @Komodosec

    6 May 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-1080 https://t.co/KlxF7qjmho

    @Icare1337

    8 Mar 2025

    297 Impressions

    0 Retweets

    14 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️ Vulnerability Alert: LibreOffice Macro Script Execution Vulnerability 📅 Timeline: Disclosure: 2025-03-04, Patch: 2025-03-04 🆔cveId: CVE-2025-1080 📊baseScore: 7.2 📏cvssMetrics: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H cvssSeverity: High 🟠… https:

    @syedaquib77

    6 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 A critical vulnerability (CVE-2025-1080) in LibreOffice allows attackers to execute arbitrary scripts. Affects versions before 24.8.5 &amp; 25.2.1. Update now to protect data! 🛡️ #LibreOffice #MalwareRisk #Germany link: https://t.co/4lUV39pA7O https://t.co/8gmY4QMmvR

    @TweetThreatNews

    6 Mar 2025

    55 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2025-1080 🔴 HIGH (7.2) 🏢 The Document Foundation - LibreOffice 🏗️ 24.8 🔗 https://t.co/Q0HpnzaDJz #CyberCron #VulnAlert #InfoSec https://t.co/SEbUOuG9IQ

    @cybercronai

    6 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-1080 LibreOffice URI Scheme Vulnerability Enables Arbitrary Macro Execution https://t.co/l12HEFWGbP

    @VulmonFeeds

    5 Mar 2025

    30 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.