Description

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.

INFO

Published Date :

2025-03-04T20:04:10.946Z

Last Modified :

2025-11-03T19:35:13.950Z

Source :

Document Fdn.
AFFECTED PRODUCTS

The following products are affected by CVE-2025-1080 vulnerability.

Vendors Products
Debian
  • Debian Linux
Libreoffice
  • Libreoffice
Redhat
  • Enterprise Linux
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-1080.

URL Resource
https://lists.debian.org/debian-lts-announce/2025/06/msg00002.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-1080 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-1080 cve-icon
https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact