Main Vulnerability Database Vulnerabilities #VU118360

Buffer overflow in OpenOffice - CVE-2025-64406

Published: November 12, 2025

Vulnerability identifier: #VU118360

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-64406

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apache Foundation

Affected software:
OpenOffice

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error CSV import. A remote attacker can trick the victim into importing a specially crafted CSV file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2025-64406

Install updates from vendor's website.

Sources

https://lists.apache.org/thread/7gbcmjoz04yz24lpz6zvd3zdq5y6ftd1

Buffer overflow in OpenOffice - CVE-2025-64406

Detailed vulnerability description

How to mitigate CVE-2025-64406

Sources

Please verify you're human