CVE-2025-64403

CVE-2025-64403: Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc

Vendor Apache Software Foundation

Product Apache OpenOffice

Weakness CWE-862 · Missing authorization

Published November 12, 2025

Last update November 12, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

Key dates

Disclosure timeline

November 12, 2025 CVE published

November 12, 2025 Record updated