CVE-2025-0514: Executable hyperlink Windows path targets executed unconditionally on activation

Q: What is the severity of CVE-2025-0514?

CVE-2025-0514 has a medium severity rating due to its improper input validation allowing unwanted execution of Windows Executables.

Q: How do I fix CVE-2025-0514?

To fix CVE-2025-0514, update LibreOffice to version 24.8.5 or later.

Q: Which versions of LibreOffice are affected by CVE-2025-0514?

CVE-2025-0514 affects LibreOffice versions from 24.8 up to but not including 24.8.5.

Q: What impact does CVE-2025-0514 have on users?

CVE-2025-0514 may allow attackers to execute Windows Executables without user consent when hyperlinks are activated.

Q: Is CVE-2025-0514 present in LibreOffice on all operating systems?

CVE-2025-0514 specifically affects the Windows versions of LibreOffice.

Published Feb 25, 2025

Updated

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.

Affected Software

2 affected components

The Document Foundation LibreOffice>24.8, <24.8.5

LibreOffice Libreoffice>=24.8.0.0<24.8.5.1

Event History

Feb 25, 2025

CVE Published

via MITRE·09:16 PM

Data Sourced

via MITRE·09:16 PM

DescriptionWeakness

Data Sourced

via NVD·10:15 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2025-0514?

CVE-2025-0514 has a medium severity rating due to its improper input validation allowing unwanted execution of Windows Executables.

How do I fix CVE-2025-0514?

To fix CVE-2025-0514, update LibreOffice to version 24.8.5 or later.

Which versions of LibreOffice are affected by CVE-2025-0514?

CVE-2025-0514 affects LibreOffice versions from 24.8 up to but not including 24.8.5.

What impact does CVE-2025-0514 have on users?

CVE-2025-0514 may allow attackers to execute Windows Executables without user consent when hyperlinks are activated.

Is CVE-2025-0514 present in LibreOffice on all operating systems?

CVE-2025-0514 specifically affects the Windows versions of LibreOffice.

CVSS Score

7.2High

High Severity

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Security Metrics

Risk Score68

Severityhigh(7.8)

CWE

Timeline

PublishedFeb 25, 2025

Updated

References

libreoffice.org/about-us/security/adv...

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.