PT-2025-46562 · Apache · Apache OpenOffice

Thomas Rinsma · Published 2025-11-11 · Updated 2025-11-12 · CVE-2025-64407

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache OpenOffice versions through 4.1.15

Description

Apache OpenOffice contains a missing authorization check when handling external links within documents. This allows an attacker to create a malicious document that loads external files without user confirmation. These links can be used to transmit sensitive system information, such as environment variables and configuration settings. The affected versions utilize a URI scheme that enables the inclusion of system configuration data, potentially exposing it externally.

Recommendations

Upgrade to version 4.1.16 to resolve this issue.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-15438
CVE-2025-64407

Affected Products

Apache OpenOffice