A critical security vulnerability, CVE-2025-1080, in LibreOffice was discovered, potentially exposing millions of users to remote code execution via manipulated macro URLs. The vulnerability, present in versions before 24.8.5 and 25.2.1, enabled attackers to bypass security protocols and execute arbitrary scripts, posing a significant risk to document collaboration workflows. The flaw was particularly dangerous in SharePoint-integrated environments, allowing attackers to embed malicious payloads in document-sharing links that could compromise networks without users downloading any files. The use of such links could lead to ransomware deployment or data exfiltration.
Source: https://cybersecuritynews.com/libreoffice-vulnerability-arbitrary-script/
"id": "dod405030625",
"linkid": "dod-osbp",
"type": "Vulnerability",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"