Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2025/VULN789 _____________________________________________________________________ DATE : 13/11/2025 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Apache OpenOffice versions prior to 4.1.16. ===================================================================== https://lists.apache.org/thread/o00dtgvhr9tx8r4y8vf6y2mg7nn6mx6c https://lists.apache.org/thread/tssrl88tygjsgk6csllm6p2fb6tlv8d8 https://lists.apache.org/thread/t7c6jhvdb00xtgd9vvn7h5sq9f4h5trt https://lists.apache.org/thread/08n4mdx0pnhqsllnkc63d27sdgq3tygc https://lists.apache.org/thread/0jjftxkcc4l9kt7jjn630hfrh2ygfcbk https://lists.apache.org/thread/py89gpogxfb2yo9c5vwv2h9x3m85pfmm https://lists.apache.org/thread/4yg1gv71f14fw4ky4ds50o6xjq49594g _____________________________________________________________________ CVE-2025-64401: Apache OpenOffice: Remote documents loaded without prompt via IFrame Severity: moderate Affected versions: - Apache OpenOffice through 4.1.15 Description: Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "floating frames" linked to external files would load the contents of those frames without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. The LibreOffice suite reported this issue as CVE-2023-2255 Credit: Amel Bouziane-Leblond for discovering and reporting the issue (finder) References: https://www.openoffice.org/security/cves/CVE-2025-64401.html https://openoffice.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-64401 _____________________________________________________________________ CVE-2025-64402: Apache OpenOffice: Remote documents loaded without prompt via OLE objects Severity: moderate Affected versions: - Apache OpenOffice through 4.1.15 Description: Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to external files would load the contents of those files without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. Credit: Dawid Golunski, Doyensec LLC (finder) References: https://www.openoffice.org/security/cves/CVE-2025-64402.html https://openoffice.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-64402 _____________________________________________________________________ CVE-2025-64403: Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc Severity: moderate Affected versions: - Apache OpenOffice through 4.1.15 Description: Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. Credit: Reginaldo Silva of ubercomp.com (finder) References: https://www.openoffice.org/security/cves/CVE-2025-64403.html https://openoffice.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-64403 _____________________________________________________________________ CVE-2025-64404: Apache OpenOffice: Remote documents loaded without prompt via background and bullet images Severity: moderate Affected versions: - Apache OpenOffice through 4.1.15 Description: Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used background fill images, or bullet images, linked to external files would load the contents of those files without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. Credit: Reginaldo Silva of ubercomp.com (finder) References: https://www.openoffice.org/security/cves/CVE-2025-64404.html https://openoffice.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-64404 _____________________________________________________________________ CVE-2025-64405: Apache OpenOffice: Remote documents loaded without prompt via DDE function Severity: moderate Affected versions: - Apache OpenOffice through 4.1.15 Description: Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to external files would load the contents of those files without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. Credit: Louis Bettels, Technische Universität Braunschweig (finder) References: https://www.openoffice.org/security/cves/CVE-2025-64405.html https://openoffice.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-64405 _____________________________________________________________________ CVE-2025-64406: Apache OpenOffice: Possible memory corruption during CSV import Severity: important Affected versions: - Apache OpenOffice through 4.1.15 Description: An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. Credit: Damjan Jovanovic for discovering, reporting and fixing the issue (finder) References: https://www.openoffice.org/security/cves/CVE-2025-64406.html https://openoffice.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-64406 _____________________________________________________________________ CVE-2025-64407: Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables Severity: Moderate Affected versions: - Apache OpenOffice through 4.1.15 Description: Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used to transmit system information, such as environment variables or configuration settings. In the affected versions of Apache OpenOffice, documents that used a certain URI scheme linking to external files would load the contents of such files without prompting the user for permission to do so. Such URI scheme allows to include system configuration data, that is not supposed to be transmitted externally. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. The LibreOffice suite reported this issue as CVE-2024-12426. Credit: Thomas Rinsma of Codean Labs (finder) References: https://www.openoffice.org/security/cves/CVE-2025-64407.html https://openoffice.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-64407 ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================