Libreofffice is a popular open source office suit used by millions of users as an alternative to Microsoft Office. We have followed the Libraffes on this blog for about 15 years. Free tool developers are Just confirm A new safety issue in Libreoffice that only affects users on Windows.
Description:
- Libreoffice 24.8 to 24.8.4 are affected by this issue.
- Attackers can take advantage of the problem to launch executive files when users activate the link in Libreoffice documents.
- The severity is more.
About vulnerability
Libreoffice documents may have links. Users can open direct links by placing Ctrl-key below before left-click on links. The office suit includes protection against launching executable files directly from the link.
How it is trigger: Users are required to actively click CTRL-on links in Libreoffice documents to trigger vulnerability.
The vulnerability cve-2025-0514 is a bypass that allows the attackers to create specially designed documents that contain links that can run executable files on the target system.
Libreoffice suggests that the integrated “mechanisms can be bypassed using non-filing URLs that can be interpreted by Shellaxute as Windows File Path”.
Nice to know: Shellexecute has a Windows function to launch applications.
Solution: Install update at Libreoffice 24.8.5
A new version of Libreoffice was released last week that fixes the safety problem by blocking the link security.
Libreofffice is available 24.8.5 and users are encouraged to install a new version on their devices, especially if they run the software on Windows PC.
Downloads are given on officer Project websiteNote that Libreoffice is the rear stable branch of 24.8.x Open Office Suit. You can also download and install Libreoffice 25.2.1, which is the current stable version.
Note that developers do not mention Libreofffice 25.2.1 in terms of vulnerability. This shows that there is also the latest version – probability – not affected by vulnerability.
Thanks for reading..
