Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.
CVE ID: CVE-2025-0514
CVSS Base Severity: HIGH
CVSS Base Score: 7.2
CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H
Vendor: The Document Foundation
Product: LibreOffice
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 10.17% (scored less or equal to compared to others)
EPSS Date: 2025-03-26 (when was this score calculated)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: false