CVE-2025-1080 is a vulnerability classified under CWE-20 (Improper Input Validation) affecting LibreOffice versions 24.8 prior to 24.8.5 and 25.2 prior to 25.2.1. LibreOffice supports Office URI schemes to enable integration with Microsoft SharePoint servers via browsers. A LibreOffice-specific URI scheme, 'vnd.libreoffice.command', was introduced to facilitate this integration. The vulnerability arises because the input passed through this URI scheme is not properly validated, allowing an attacker to embed an inner URL that can invoke LibreOffice internal macros with arbitrary arguments. This means that if a user clicks on a specially crafted link in a browser, LibreOffice could be tricked into executing macros that may perform unauthorized actions such as data manipulation, execution of malicious code, or other harmful operations. The attack vector is local, requiring the user to interact by clicking the malicious link, and the attack complexity is high, indicating that exploitation requires precise conditions. No privileges or authentication are required, but user interaction is necessary. The vulnerability affects confidentiality, integrity, and availability due to the potential for arbitrary macro execution. Although no known exploits are currently reported in the wild, the presence of this vulnerability in widely used LibreOffice versions integrated with SharePoint environments presents a significant risk. The CVSS 4.0 score of 7.2 reflects these factors, emphasizing the importance of mitigation.

For European organizations, this vulnerability poses a considerable risk, especially for enterprises and public sector entities that rely on LibreOffice integrated with Microsoft SharePoint for document management and collaboration. Successful exploitation could lead to unauthorized macro execution, potentially resulting in data leakage, corruption, or disruption of document workflows. This could compromise sensitive information, damage organizational reputation, and interrupt business operations. The requirement for user interaction means phishing or social engineering campaigns could be leveraged to exploit this vulnerability. Given the widespread use of LibreOffice in European public administrations, educational institutions, and businesses, the impact could be broad. Additionally, organizations with strict regulatory compliance requirements (e.g., GDPR) may face legal and financial consequences if data confidentiality or integrity is compromised. The high attack complexity somewhat limits mass exploitation but targeted attacks against high-value targets remain a concern.

1. Update LibreOffice to versions 24.8.5 or later and 25.2.1 or later as soon as patches become available. 2. Until patches are applied, disable or restrict the use of the 'vnd.libreoffice.command' URI scheme in browser and system settings to prevent automatic invocation. 3. Implement strict macro security policies within LibreOffice, such as disabling macros by default and allowing only digitally signed macros from trusted sources. 4. Educate users about the risks of clicking on unsolicited or suspicious links, especially those that may invoke document editing applications. 5. Employ endpoint protection solutions capable of detecting and blocking suspicious macro execution or unusual LibreOffice behaviors. 6. Monitor network and system logs for unusual activity related to LibreOffice or SharePoint integration. 7. Consider isolating document editing environments or using sandboxing techniques to limit potential damage from macro execution. 8. Coordinate with IT and security teams to review and harden integration points between LibreOffice and SharePoint.