{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1080", "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "state": "PUBLISHED", "assignerShortName": "Document Fdn.", "dateReserved": "2025-02-06T13:14:08.175Z", "datePublished": "2025-03-04T20:04:10.946Z", "dateUpdated": "2025-11-03T19:35:13.950Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [{"lessThan": "< 24.8.5", "status": "affected", "version": "24.8", "versionType": "24.8 series"}, {"lessThan": "< 25.2.1", "status": "affected", "version": "25.2", "versionType": "25.2 series"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Thanks to Amel Bouziane-Leblond for finding and reporting this issue."}], "datePublic": "2025-03-04T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.<br><p>This issue affects LibreOffice: from 24.8 before &lt; 24.8.5, from 25.2 before &lt; 25.2.1.</p>"}], "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1."}], "impacts": [{"capecId": "CAPEC-160", "descriptions": [{"lang": "en", "value": "CAPEC-160 Exploit Script-Based APIs"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7.2, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn.", "dateUpdated": "2025-03-04T20:04:10.946Z"}, "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080"}], "source": {"discovery": "EXTERNAL"}, "title": "Macro URL arbitrary script execution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T20:34:55.887296Z", "id": "CVE-2025-1080", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T20:35:03.500Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00002.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:35:13.950Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1080", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-04T20:34:55.887296Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T20:35:00.173Z"}}], "cna": {"title": "Macro URL arbitrary script execution", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Thanks to Amel Bouziane-Leblond for finding and reporting this issue."}], "impacts": [{"capecId": "CAPEC-160", "descriptions": [{"lang": "en", "value": "CAPEC-160 Exploit Script-Based APIs"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.2, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "The Document Foundation", "product": "LibreOffice", "versions": [{"status": "affected", "version": "24.8", "lessThan": "< 24.8.5", "versionType": "24.8 series"}, {"status": "affected", "version": "25.2", "lessThan": "< 25.2.1", "versionType": "25.2 series"}], "defaultStatus": "unknown"}], "datePublic": "2025-03-04T19:00:00.000Z", "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.", "supportingMedia": [{"type": "text/html", "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.<br><p>This issue affects LibreOffice: from 24.8 before &lt; 24.8.5, from 25.2 before &lt; 25.2.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn.", "dateUpdated": "2025-03-04T20:04:10.946Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1080", "state": "PUBLISHED", "dateUpdated": "2025-03-04T20:35:03.500Z", "dateReserved": "2025-02-06T13:14:08.175Z", "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "datePublished": "2025-03-04T20:04:10.946Z", "assignerShortName": "Document Fdn."}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D84D9AF-1B4C-46E6-8815-DF81A593E682", "versionEndExcluding": "24.8.5.1", "versionStartIncluding": "24.8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6A58FFD-FC60-4476-BF8D-86594BD24F6F", "versionEndExcluding": "25.2.1.1", "versionStartIncluding": "25.2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1."}, {"lang": "es", "value": "LibreOffice admite esquemas URI de Office para permitir la integraci\u00f3n de LibreOffice en el navegador con el servidor MS SharePoint. Se agreg\u00f3 un esquema adicional 'vnd.libreoffice.command' espec\u00edfico para LibreOffice. En las versiones afectadas de LibreOffice, se pod\u00eda construir un v\u00ednculo en un navegador que usara ese esquema con una URL interna incrustada que, cuando se pasaba a LibreOffice, pod\u00eda llamar a macros internas con argumentos arbitrarios. Este problema afecta a LibreOffice: desde la versi\u00f3n 24.8 hasta la 24.8.5, desde la versi\u00f3n 25.2 hasta la 25.2.1."}], "id": "CVE-2025-1080", "lastModified": "2025-12-10T18:26:24.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@documentfoundation.org", "type": "Secondary"}]}, "published": "2025-03-04T20:15:36.867", "references": [{"source": "security@documentfoundation.org", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00002.html"}], "sourceIdentifier": "security@documentfoundation.org", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@documentfoundation.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:3390", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "libreoffice-1:5.3.6.1-27.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:2868", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreoffice-1:6.4.7.2-19.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-17T00:00:00Z"}, {"advisory": "RHSA-2025:3265", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "libreoffice-1:6.0.6.1-23.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3267", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "libreoffice-1:6.4.7.2-18.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3267", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "libreoffice-1:6.4.7.2-18.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3267", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "libreoffice-1:6.4.7.2-18.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3269", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "libreoffice-1:6.4.7.2-18.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3269", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "libreoffice-1:6.4.7.2-18.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3269", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "libreoffice-1:6.4.7.2-18.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3169", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "libreoffice-1:6.4.7.2-18.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-03-25T00:00:00Z"}, {"advisory": "RHSA-2025:3408", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libreoffice-1:7.1.8.1-15.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3550", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "libreoffice-1:7.1.8.1-14.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3549", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "libreoffice-1:7.1.8.1-14.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3548", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "libreoffice-1:7.1.8.1-15.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-04-03T00:00:00Z"}], "bugzilla": {"description": "libreoffice: Macro URL arbitrary script execution", "id": "2349906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349906"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.", "A flaw was found in LibreOffice. In the affected versions of LibreOffice, a link in a browser using that scheme could be constructed with an embedded inner URL that, when passed to LibreOffice, could call internal macros with arbitrary arguments."], "name": "CVE-2025-1080", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2025-03-04T20:04:10Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1080\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1080\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2025-1080"], "statement": "This vulnerability is rated as an important severity due to the potential for an attacker to exploit the 'vnd.libreoffice.command' URI scheme to execute arbitrary internal macros with crafted arguments and could lead to unauthorized code execution and impact system integrity and confidentiality", "threat_severity": "Important"}

{}