CVE-2025-0514: Executable hyperlink Windows path targets executed unconditionally on activation

7.2 CVSS

Description

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows executable hyperlink targets to be executed unconditionally on activation. This issue affects LibreOffice: from 24.8 before 24.8.5.

Classification

CVE ID: CVE-2025-0514

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H

Problem Types

CWE-20 Improper Input Validation

Affected Products

Vendor: The Document Foundation

Product: LibreOffice

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 10.17% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-26 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0514
https://www.libreoffice.org/about-us/security/advisories/cve-2025-0514

Timeline