Missing Authorization in OpenOffice - CVE-2025-64402

 

Published: November 12, 2025


Vulnerability identifier: #VU118355
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-64402
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apache Foundation
Affected software: OpenOffice

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to missing authorization when loading external OLE objects. The software fails to request permission to load an object, which can lead to a spoofing attack and information disclosure.


How to mitigate CVE-2025-64402

Install updates from the vendor's website.
