LibreOffice: Sharepoint integration function enables macro execution
LibreOffice warns of a security vulnerability in the office software. Attackers can use it to execute macros.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
The project has discovered a security vulnerability in LibreOffice. Attackers can use it to execute macros. Updated software fixes the vulnerabilities.
The LibreOffice developers warn of the vulnerability in a security notice. LibreOffice supports Office URI schemes to enable the browser integration of LibreOffice with Sharepoint servers. The developers have also added the URI scheme “vnd.libreoffice.command”.
Anchoring of URI schemes for SharePoint servers problematic
A carefully prepared link in the browser can use this URI scheme to embed an inner URL that executes macros with any arguments, provided it is processed by LibreOffice. The developers are correcting this bypassing of security mechanisms, which are intended to prevent macro execution, for example, with new software versions(CVE-2025-1080, CVSS 7.2, risk “high”).
The vulnerability affects LibreOffice 24.8 and 25.2. The currently available versions 24.8.5 and 25.2.1 correct the security-relevant errors. They are available for download on the LibreOffice download website. The bug-fixed versions have already been available for several weeks: LibreOffice 24.8.5.1 was released on January 29, the current version is 24.8.5.2 from February 14. Version 25.2.1.1 was released on February 9, the current version is 25.2.1.2 from February 24.
IT managers and LibreOffice users should ensure that they have installed the latest version to minimize the attack surface for cyber criminals.
The LibreOffice project had already warned of a security vulnerability last week. Attackers were able to abuse the vulnerability by manipulating links in documents. It was possible to call up executable files in Windows and thus potentially cause damage. Version 24.8.5 has closed the gap.
(dmk)