CVE-2025-1080
libreoffice - security update
CVSS 3.1: 7.8 HIGH
EPSS: 0.12%
Description
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme, 'vnd.libreoffice.command', specific to LibreOffice was added. In the affected versions of LibreOffice, a link in a browser using that scheme could be constructed with an embedded inner URL that, when passed to LibreOffice, could call internal macros with arbitrary arguments. This issue affects LibreOffice from 24.8 before 24.8.5 and from 25.2 before 25.2.1.
How to fix CVE-2025-1080
To remediate CVE-2025-1080, upgrade the affected package to a fixed version below.
- —upgrade to 1:7.0.4-4+deb11u13 or later
- —upgrade to 1:7.0.4-4+deb11u13 or later
- —upgrade to 4:7.4.7-1+deb12u7 or later
Is CVE-2025-1080 being exploited?
Low: EPSS is 0.1%, a low predicted likelihood of exploitation, and exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1:7.0.4-4+deb11u13
- from 0, < 1:7.0.4-4+deb11u13
- from 0, < 4:7.4.7-1+deb12u7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |