CVE-2025-1080

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-1080
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1080.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-1080
Downstream
Related
Published
2025-03-04T20:15:36.867Z
Modified
2026-03-19T12:51:00.186872Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.

References

Affected packages

Git / github.com/libreoffice/core

Affected ranges

Type
GIT
Repo
https://github.com/libreoffice/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8e3f91296d65a47712b8a390b4731fa5a2f6c9af
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e538fb6403facdfd3db0250c3b3278236c675c2a
Database specific 
{
    "versions": [
        {
            "introduced": "24.8.0.0"
        },
        {
            "fixed": "24.8.5.1"
        },
        {
            "introduced": "25.2.0.0"
        },
        {
            "fixed": "25.2.1.1"
        }
    ]
}

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1080.json"