Vulnerability has been discovered in a recent version of the LibreOffice office suite. It makes it possible to run malicious remote code in order to compromise the victim’s computer. An update corrects the problem.
A worrying security flaw was recently discovered in one of the last versions of the open source and free LibreOffice office suite. Referenced under the number CVE-2025-0514it displays a gravity score of 7.2 on the index rating scale Common Vulnerability and exhibitswhich is considered to be very high in this database that lists known computer vulnerabilities.
This flaw concerns the direct opening function of hyperlinks in the LibreOffice documents. This mechanism provides access to an external resource for office automation, such as a website or a file, keeping the key Ctrl of the keyboard and by clicking on a hypertext link present in the document. On Windows, LibreOffice relies on the system function Shellexecute To correctly open the links thus clicked.
To avoid transmitting an executable command or file, LibreOffice normally has a protective mechanism which prevents such elements from being sent to the function Shellexecute. Nevertheless, a method of bypassing this protection has been discovered and allows an attacker to execute malicious remote code on the computer of his target. Thus, LibreOffice users on Windows can see their computer compromised simply by clicking on a bond trapped in a document.
Fortunately, this security flaw has already been corrected by the development teams of the office suite. Vulnerability has been identified from version 24.8 of LibreOffice, published in August 2024, users of older versions are therefore not a priori concerned. For the others, it is strongly recommended to update the application now to version 24.8.5 or 25.2.1, both including the correction of the safety flaw.
If you have a doubt about the LibreOffice version installed on your computer, you can find it very easily: open the application and click on Help in the menu bar and then on About Libreoffice. A small window will appear and tell you the number of the installed version. In addition, in order to make sure that your application remains up to date, go around the menu Tools> Options> Update online and check that the box Automatically check the available updates is well checked, and that the selected periodicity is Daily Or Weekly.