CVE-2025-64407: CWE-862 Missing Authorization in Apache Software Foundation Apache OpenOffice
Apache OpenOffice documents can contain links. A missing authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without a prompt. Such links could also be used to transmit system information, such as environment variables or configuration settings. In the affected versions of Apache OpenOffice, documents that used a certain URI scheme to link to external files would load the contents of those files without prompting the user for permission. That URI scheme also allows system configuration data that is not supposed to be transmitted externally to be included in the link. This issue affects Apache OpenOffice through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. The LibreOffice suite reported this issue as CVE-2024-12426.
AI Analysis
Technical Summary
CVE-2025-64407 is a missing authorization vulnerability (CWE-862) affecting Apache OpenOffice versions through 4.1.15. OpenOffice documents can carry links whose targets are written with various URI schemes. For one such scheme, the affected versions resolve the link target and load its contents as soon as the document is opened, without the confirmation prompt that external content normally requires. The same scheme can expand system data such as environment variables or configuration settings into the link target, so a crafted document can combine that expanded data with an attacker-controlled external destination and have it sent off the machine at open time, which is an information disclosure. Exploitation needs no privileges on the target; the only interaction required is that a user open the document, and no warning is shown at that point. The record on this page carries no CVSS vector (the CVSS version field in the technical details is null), so no score is asserted here; the described impact is to confidentiality only, with no integrity or availability effect. The CVE was reserved in November 2025 and is fixed in Apache OpenOffice 4.1.16. LibreOffice, which shares ancestry with OpenOffice through the OpenOffice.org code base, had already fixed the equivalent issue as CVE-2024-12426, a 2024 identifier, which points to an inherited design flaw rather than a regression. No exploitation in the wild has been reported to date.
Potential Impact
For European organizations, this vulnerability exposes host-level information through crafted documents. Because the affected link scheme can carry environment variables and configuration settings, an attacker who gets a user to open a document can collect details such as user names, paths, proxy or network settings and other internal configuration that is useful for reconnaissance and for tailoring a follow-on attack. This is particularly concerning for sectors handling sensitive or regulated data, such as finance, healthcare, and government agencies. The document shows no prompt, so the only interaction the attacker needs is the opening of the file, which makes ordinary phishing and document-sharing channels an effective delivery path. The flaw does not by itself give code execution or control of the system, but the leaked data can shorten the path to a later compromise. Organizations that still run Apache OpenOffice 4.1.15 or earlier for document handling remain exposed until they upgrade. The impact is confined to confidentiality, which keeps the overall severity moderate, but the leak is silent and requires nothing more than a user opening a file.
Mitigation Recommendations
European organizations should upgrade every Apache OpenOffice installation to 4.1.16 or later, which contains the fix, and should inventory installations first: OpenOffice is often installed ad hoc on individual workstations and is easy to miss. Until the upgrade is complete, treat inbound OpenDocument files from outside the organization as untrusted. ODF files are zip containers whose link targets appear as xlink:href attributes in content.xml and styles.xml, so a mail gateway or sandbox can unpack them and quarantine any document whose link targets use a URI scheme outside a small allow-list, which is more robust than trying to match the one affected scheme. Where the client offers a setting to control link updating on load (in Writer this is the "Update links when loading" option under Tools > Options > OpenOffice Writer > General), set it to "Never" or "On request" as defense in depth; the advisory does not state that this setting covers the affected scheme, so do not rely on it as a fix. Tell users that OpenOffice documents from untrusted sources should be opened only in a sandbox or not at all. On the network side, alert on outbound connections from office-suite processes to unfamiliar destinations, especially ones occurring immediately after a document is opened, and on requests whose data contains values that look like local paths or environment variable contents. EDR tooling that records the network activity of office-suite processes gives the same visibility per endpoint. Finally, review document handling policies so that documents from outside never open directly on machines that hold sensitive data.
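The gateway-side check described above, as an added example that is not code from Apache OpenOffice or from the advisory: it unpacks an ODF container, collects every xlink:href target from content.xml and styles.xml, and classifies each target as relative (stays inside the package), allowed (on an assumed scheme allow-list) or suspicious (any other scheme, which is exactly the class that the technical summary says must never be auto-resolved without a prompt). The allow-list, the sample document and the made-up "demo-scheme" in it are constructed for the demonstration; the affected scheme is not named on this page, so the scanner flags every non-allow-listed scheme rather than one specific value.

```python
"""Triage an ODF document (OpenOffice/LibreOffice zip container) for external
link targets.  Added example for this page, not Apache OpenOffice code.  The
scheme allow-list and the sample .odt are assumptions built for the demo."""
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# ODF parts that commonly carry link targets.
LINK_PARTS = ("content.xml", "styles.xml")
# Assumed site policy: only these schemes are considered routine in a document.
ALLOWED_SCHEMES = {"http", "https", "mailto"}


def iter_hrefs(xml_bytes):
    """Yield (local element name, href) for every xlink:href in one XML part."""
    root = ET.fromstring(xml_bytes)
    for el in root.iter():
        href = el.attrib.get(XLINK_HREF)
        if href is not None:
            yield el.tag.rsplit("}", 1)[-1], href


def classify(href):
    """relative: no scheme, resolves inside the package; allowed: scheme on the
    allow-list; suspicious: any other scheme, which a client must not resolve
    without asking the user."""
    scheme = urlsplit(href).scheme.lower()
    if not scheme:
        return "relative"
    return "allowed" if scheme in ALLOWED_SCHEMES else "suspicious"


def triage_odf(data):
    """Return one finding per link target found in an in-memory ODF file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for part in LINK_PARTS:
            if part not in names:
                continue
            for element, href in iter_hrefs(zf.read(part)):
                findings.append({
                    "part": part,
                    "element": element,
                    "href": href,
                    "verdict": classify(href),
                })
    return findings


def should_quarantine(data):
    """Gateway decision: hold the file if any link target is suspicious."""
    return any(f["verdict"] == "suspicious" for f in triage_odf(data))


def build_sample_document():
    """Constructed minimal .odt: one relative image, one https hyperlink and one
    link using a made-up scheme that stands in for any non-allow-listed one."""
    content = b"""<?xml version="1.0" encoding="UTF-8"?>
<office:document-content
  xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"
  xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0"
  xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
  xmlns:xlink="http://www.w3.org/1999/xlink">
  <office:body><office:text>
    <text:p><draw:frame><draw:image xlink:href="Pictures/logo.png"/></draw:frame></text:p>
    <text:p><text:a xlink:href="https://example.org/report">report</text:a></text:p>
    <text:p><text:a xlink:href="demo-scheme:target?data=expanded">hidden</text:a></text:p>
  </office:text></office:body>
</office:document-content>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # ODF packages store the mimetype entry first and uncompressed.
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.text",
                    compress_type=zipfile.ZIP_STORED)
        zf.writestr("content.xml", content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_document()
    for f in triage_odf(sample):
        print(f"{f['verdict']:10} {f['part']}:{f['element']} -> {f['href']}")
    print("quarantine:", should_quarantine(sample))
```

Point a real gateway at the bytes of each inbound .odt, .ods or .odp instead of build_sample_document(); the verdict list also makes a useful artifact to attach to the quarantine ticket, since it shows the analyst exactly which targets the client would have resolved on open.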
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: apache
- Date Reserved: 2025-11-02T10:18:16.326Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6914547632a6693f6a1c8ad8
Added to database: 11/12/2025, 9:33:42 AM
Last enriched: 11/19/2025, 10:01:15 AM
Last updated: 2/7/2026, 12:36:06 PM