CVE-2025-64404 is a missing authorization vulnerability (CWE-862) identified in Apache OpenOffice versions through 4.1.15. Apache OpenOffice documents can embed links to external files, such as background fill images or bullet images. Due to improper authorization checks, when a user opens a maliciously crafted document, the application automatically loads the linked external resources without prompting the user for permission. This bypasses expected security controls that prevent unauthorized external resource loading, potentially exposing sensitive data or allowing an attacker to influence document content integrity. The vulnerability requires no user interaction beyond opening the document and no authentication, making it remotely exploitable. The CVSS v3.1 base score is 7.5, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, high integrity impact, and no availability impact. The flaw could be leveraged to exfiltrate local files referenced by the external links or inject malicious content into documents, undermining trust in document authenticity. The Apache Software Foundation addressed this issue in version 4.1.16 by enforcing proper authorization checks before loading external linked resources. No public exploits have been reported to date, but the vulnerability poses a significant risk given the widespread use of Apache OpenOffice in various sectors.

For European organizations, this vulnerability presents a risk of unauthorized data disclosure and document integrity compromise. Attackers could craft documents that silently load external files, potentially leaking sensitive internal files or injecting malicious content into documents used for business processes. This could affect confidentiality and integrity of information, especially in sectors relying heavily on document workflows such as government, finance, legal, and education. Since Apache OpenOffice is used across Europe, organizations that have not upgraded to version 4.1.16 remain vulnerable to remote exploitation without user interaction or authentication. This could lead to targeted espionage, data leakage, or supply chain attacks via document sharing. The lack of user prompts increases the likelihood of successful exploitation. Although no availability impact is expected, the integrity and confidentiality risks are significant. The absence of known exploits in the wild provides a window for mitigation, but the threat remains high due to ease of exploitation and potential impact.

European organizations should immediately upgrade all Apache OpenOffice installations to version 4.1.16 or later to remediate this vulnerability. Until upgrades are complete, organizations should implement strict document handling policies, including disabling automatic loading of external content in OpenOffice settings if possible. Employ network-level controls to restrict outbound connections from workstations running Apache OpenOffice to untrusted external resources. Educate users to be cautious with documents from untrusted sources, especially those containing embedded images or external links. Use endpoint detection and response (EDR) tools to monitor for unusual file access or network activity triggered by document processing. Incorporate document sanitization or scanning solutions that can detect and block malicious embedded links. Maintain an inventory of systems running Apache OpenOffice to ensure comprehensive patch deployment. Finally, monitor vendor advisories and threat intelligence feeds for any emerging exploit activity related to this CVE.