
CVE-2025-64405: CWE-862 Missing Authorization in Apache Software Foundation Apache OpenOffice

Severity: High
Type: Vulnerability
Tags: CVE-2025-64405, cve, cve-2025-64405, cwe-862
Published: Wed Nov 12 2025 (11/12/2025, 09:10:35 UTC)
Source: CVE Database V5
Vendor/Project: Apache Software Foundation
Product: Apache OpenOffice

Description

Apache OpenOffice documents can contain links. A missing authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without a prompt. In the affected versions of Apache OpenOffice, a Calc spreadsheet containing DDE links to external files would load the contents of those files without prompting the user for permission to do so. This issue affects Apache OpenOffice through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

AI-Powered Analysis

Last updated: 11/19/2025, 10:00:20 UTC

Technical Analysis

CVE-2025-64405 is a missing authorization vulnerability classified under CWE-862 found in Apache OpenOffice, specifically affecting versions through 4.1.15. The vulnerability arises because Apache OpenOffice Calc spreadsheets can contain Dynamic Data Exchange (DDE) links to external files, which are loaded automatically without prompting the user for permission. This lack of authorization checking allows an attacker to craft a malicious spreadsheet document that, when opened, silently loads external file contents. This behavior can lead to unauthorized disclosure of sensitive information or manipulation of data integrity by injecting or loading unintended content. The vulnerability is remotely exploitable without requiring any privileges or user interaction, as simply opening the crafted document triggers the exploit. The CVSS v3.1 base score is 7.5, indicating high severity, with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, meaning network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality impact but high integrity impact, and no availability impact. The issue is resolved in Apache OpenOffice version 4.1.16, which introduces proper authorization checks before loading external links in Calc documents. No known exploits have been reported in the wild to date, but the vulnerability's characteristics make it a significant risk, especially in environments where untrusted documents are opened.

Potential Impact

For European organizations, this vulnerability poses a significant risk to data integrity and confidentiality. Attackers can exploit this flaw to inject or load malicious external content into spreadsheets without user awareness, potentially leading to unauthorized data manipulation or leakage. Sectors that heavily rely on Apache OpenOffice for document processing, including government agencies, educational institutions, and small to medium enterprises, may be particularly vulnerable. The lack of user prompts increases the risk of silent exploitation, which can facilitate advanced persistent threats or insider attacks. Although availability is not affected, the integrity compromise could disrupt business processes, lead to regulatory non-compliance (e.g., GDPR concerns regarding data exposure), and damage organizational reputation. The vulnerability's ease of exploitation and network accessibility make it a viable vector for widespread attacks if weaponized. Organizations with automated document processing workflows or those that accept documents from external sources are at elevated risk.

Mitigation Recommendations

European organizations should prioritize upgrading Apache OpenOffice installations to version 4.1.16 or later, where the vulnerability is patched. Until upgrades are completed, implement strict document handling policies that restrict opening Calc spreadsheets from untrusted or unknown sources. Deploy endpoint security solutions capable of detecting and blocking malicious document behaviors, including abnormal DDE link activity. Educate users about the risks of opening unsolicited or suspicious documents, emphasizing the importance of verifying document origins. Network-level controls such as sandboxing document processing or isolating document viewers can reduce exposure. Additionally, consider disabling or restricting DDE functionality within Apache OpenOffice if feasible, or employ application whitelisting to prevent unauthorized document execution. Regularly audit and monitor logs for unusual document access or external link loading activities. Finally, maintain up-to-date threat intelligence feeds to detect emerging exploit attempts targeting this vulnerability.
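As a way to audit stored or inbound Calc files for DDE links before they are opened, the following added example (not code from this page or from the Apache OpenOffice project) inspects an `.ods` archive's `content.xml` for the OpenDocument `office:dde-source` element and for `DDE(` calls in `table:formula` attributes. The function names and the sample documents are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

OFFICE = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
TABLE = "urn:oasis:names:tc:opendocument:xmlns:table:1.0"
DDE_FORMULA = re.compile(r"\bDDE\s*\(", re.IGNORECASE)
MAX_CONTENT = 64 * 1024 * 1024  # size guard against decompression bombs

def find_dde_links(ods_bytes):
    """Return (kind, detail) findings for DDE links in an ODS file's content.xml."""
    with zipfile.ZipFile(io.BytesIO(ods_bytes)) as zf:
        info = zf.getinfo("content.xml")
        if info.file_size > MAX_CONTENT:
            raise ValueError("content.xml too large to inspect safely")
        raw = zf.read(info)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("unexpected DTD in content.xml; refusing to parse")
    findings = []
    for el in ET.fromstring(raw).iter():
        if el.tag == f"{{{OFFICE}}}dde-source":  # declared DDE link
            parts = (el.get(f"{{{OFFICE}}}dde-{p}", "") for p in ("application", "topic", "item"))
            findings.append(("dde-source", "|".join(parts)))
        formula = el.get(f"{{{TABLE}}}formula", "")
        if DDE_FORMULA.search(formula):  # DDE() call inside a cell formula
            findings.append(("dde-formula", formula))
    return findings

def constructed_ods(body):
    """Constructed fixture: a minimal zip holding only content.xml, not a full document."""
    xml = (f'<office:document-content xmlns:office="{OFFICE}" xmlns:table="{TABLE}">'
           f"<office:body><office:spreadsheet>{body}</office:spreadsheet></office:body>"
           "</office:document-content>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", xml)
    return buf.getvalue()

CLEAN = constructed_ods('<table:table><table:table-row>'
                        '<table:table-cell table:formula="of:=SUM([.A1:.A2])"/>'
                        '</table:table-row></table:table>')
LINKED = constructed_ods('<table:table><table:table-row><table:table-cell table:formula='
                         '"of:=DDE(&quot;soffice&quot;;&quot;constructed.ods&quot;;&quot;S1.A1&quot;)"/>'
                         '</table:table-row></table:table><table:dde-links><table:dde-link>'
                         '<office:dde-source office:dde-application="soffice" '
                         'office:dde-topic="constructed.ods" office:dde-item="S1.A1"/>'
                         '</table:dde-link></table:dde-links>')
```

A non-empty result is a reason to quarantine the file or open it only on a host already upgraded to 4.1.16; an empty result covers DDE links only and says nothing about other external-link types.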


Technical Details

Data Version: 5.2
Assigner Short Name: apache
Date Reserved: 2025-11-02T09:56:16.204Z
Cvss Version: null
State: PUBLISHED

Threat ID: 691450f332a6693f6a1683ef

Added to database: 11/12/2025, 9:18:43 AM

Last enriched: 11/19/2025, 10:00:20 AM

Last updated: 11/22/2025, 6:10:50 AM
