CVE-2025-64405

Name of the Vulnerable Software and Affected Versions Apache OpenOffice versions through 4.1.15

Description Apache OpenOffice contains a missing authorization check when handling external links within documents. Specifically, Calc spreadsheets with Dynamic Data Exchange (DDE) links to external files could load the contents of those files without user confirmation. This could allow an attacker to craft a malicious document that, when opened, would execute code or access sensitive information from external sources without the user’s knowledge or consent.

Recommendations Upgrade to version 4.1.16 to resolve this issue.