{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1080", "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "state": "PUBLISHED", "assignerShortName": "Document Fdn.", "dateReserved": "2025-02-06T13:14:08.175Z", "datePublished": "2025-03-04T20:04:10.946Z", "dateUpdated": "2025-03-04T20:35:03.500Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [{"lessThan": "< 24.8.5", "status": "affected", "version": "24.8", "versionType": "24.8 series"}, {"lessThan": "< 25.2.1", "status": "affected", "version": "25.2", "versionType": "25.2 series"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Thanks to Amel Bouziane-Leblond for finding and reporting this issue."}], "datePublic": "2025-03-04T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.<br><p>This issue affects LibreOffice: from 24.8 before &lt; 24.8.5, from 25.2 before &lt; 25.2.1.</p>"}], "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1."}], "impacts": [{"capecId": "CAPEC-160", "descriptions": [{"lang": "en", "value": "CAPEC-160 Exploit Script-Based APIs"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7.2, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn.", "dateUpdated": "2025-03-04T20:04:10.946Z"}, "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080"}], "source": {"discovery": "EXTERNAL"}, "title": "Macro URL arbitrary script execution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T20:34:55.887296Z", "id": "CVE-2025-1080", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T20:35:03.500Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1080", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-04T20:34:55.887296Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T20:35:00.173Z"}}], "cna": {"title": "Macro URL arbitrary script execution", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Thanks to Amel Bouziane-Leblond for finding and reporting this issue."}], "impacts": [{"capecId": "CAPEC-160", "descriptions": [{"lang": "en", "value": "CAPEC-160 Exploit Script-Based APIs"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.2, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "The Document Foundation", "product": "LibreOffice", "versions": [{"status": "affected", "version": "24.8", "lessThan": "< 24.8.5", "versionType": "24.8 series"}, {"status": "affected", "version": "25.2", "lessThan": "< 25.2.1", "versionType": "25.2 series"}], "defaultStatus": "unknown"}], "datePublic": "2025-03-04T19:00:00.000Z", "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.", "supportingMedia": [{"type": "text/html", "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.<br><p>This issue affects LibreOffice: from 24.8 before &lt; 24.8.5, from 25.2 before &lt; 25.2.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn.", "dateUpdated": "2025-03-04T20:04:10.946Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1080", "state": "PUBLISHED", "dateUpdated": "2025-03-04T20:35:03.500Z", "dateReserved": "2025-02-06T13:14:08.175Z", "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "datePublished": "2025-03-04T20:04:10.946Z", "assignerShortName": "Document Fdn."}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1."}], "id": "CVE-2025-1080", "lastModified": "2025-03-04T20:15:36.867", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@documentfoundation.org", "type": "Secondary"}]}, "published": "2025-03-04T20:15:36.867", "references": [{"source": "security@documentfoundation.org", "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080"}], "sourceIdentifier": "security@documentfoundation.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@documentfoundation.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:3390", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "libreoffice-1:5.3.6.1-27.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:2868", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreoffice-1:6.4.7.2-19.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-17T00:00:00Z"}, {"advisory": "RHSA-2025:3265", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "libreoffice-1:6.0.6.1-23.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3267", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "libreoffice-1:6.4.7.2-18.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3267", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "libreoffice-1:6.4.7.2-18.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3267", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "libreoffice-1:6.4.7.2-18.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3269", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "libreoffice-1:6.4.7.2-18.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3269", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "libreoffice-1:6.4.7.2-18.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3269", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "libreoffice-1:6.4.7.2-18.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3169", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "libreoffice-1:6.4.7.2-18.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-03-25T00:00:00Z"}, {"advisory": "RHSA-2025:3408", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libreoffice-1:7.1.8.1-15.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3550", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "libreoffice-1:7.1.8.1-14.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3549", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "libreoffice-1:7.1.8.1-14.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3548", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "libreoffice-1:7.1.8.1-15.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-04-03T00:00:00Z"}], "bugzilla": {"description": "libreoffice: Macro URL arbitrary script execution", "id": "2349906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349906"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.", "A flaw was found in LibreOffice. In the affected versions of LibreOffice, a link in a browser using that scheme could be constructed with an embedded inner URL that, when passed to LibreOffice, could call internal macros with arbitrary arguments."], "name": "CVE-2025-1080", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2025-03-04T20:04:10Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1080\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1080\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2025-1080"], "statement": "This vulnerability is rated as an important severity due to the potential for an attacker to exploit the 'vnd.libreoffice.command' URI scheme to execute arbitrary internal macros with crafted arguments and could lead to unauthorized code execution and impact system integrity and confidentiality", "threat_severity": "Important"}