[CIVN-2025-0331] Multiple Vulnerabilities in Apache OpenOffice
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Apache OpenOffice
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: High
Software Affected
· Apache OpenOffice versions prior to 4.1.16
Overview
Multiple vulnerabilities have been reported in Apache OpenOffice, which could allow a remote attacker to load external resources without user authorisation, leak sensitive system information, or cause an application crash and memory corruption on the targeted system.
Target Audience:
All end-user organisations and individuals using Apache OpenOffice.
Impact Assessment:
Potential for unauthorised external resource loading, information exposure, and application instability due to memory corruption.
Risk Assessment:
High risk of information leakage, unauthorised network requests, and application crashes.
Description
Apache OpenOffice is a free and open-source office productivity suite that provides applications for word processing, spreadsheets, presentations, graphics, databases, and formula editing.
Multiple vulnerabilities exist in Apache OpenOffice due to missing authorisation checks for external resource loading and an out-of-bounds write condition in the CSV import component. A remote attacker could exploit these vulnerabilities by persuading a user to open a specially crafted OpenOffice document or spreadsheet.
Successful exploitation of these vulnerabilities could allow a remote attacker to load external resources without user authorisation, leak sensitive system information, or cause an application crash and memory corruption on the targeted system.
Solution:
Apply appropriate fixes mentioned by Apache OpenOffice below.
https://www.openoffice.org/security/bulletin.html
https://www.openoffice.org/security/cves/CVE-2025-64401.html
https://www.openoffice.org/security/cves/CVE-2025-64402.html
https://www.openoffice.org/security/cves/CVE-2025-64403.html
https://www.openoffice.org/security/cves/CVE-2025-64404.html
https://www.openoffice.org/security/cves/CVE-2025-64405.html
https://www.openoffice.org/security/cves/CVE-2025-64406.html
https://www.openoffice.org/security/cves/CVE-2025-64407.html
Vendor Information:
Apache OpenOffice
https://www.openoffice.org/product/index.html
References:
Apache OpenOffice
https://www.openoffice.org/security/bulletin.html
https://www.openoffice.org/security/cves/CVE-2025-64401.html
https://www.openoffice.org/security/cves/CVE-2025-64402.html
https://www.openoffice.org/security/cves/CVE-2025-64403.html
https://www.openoffice.org/security/cves/CVE-2025-64404.html
https://www.openoffice.org/security/cves/CVE-2025-64405.html
https://www.openoffice.org/security/cves/CVE-2025-64406.html
https://www.openoffice.org/security/cves/CVE-2025-64407.html
CVE Name
CVE-2025-64401
CVE-2025-64402
CVE-2025-64403
CVE-2025-64404
CVE-2025-64405
CVE-2025-64406
CVE-2025-64407
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkghisACgkQ3jCgcSdc
ys+MhQ//TqrfLEDnf+StNMyUtPgh16vb5O5CjfheLWZkTZOTRmm9fEo99rlBQvgZ
cuU30CouCV8ic2FuJfOTS+23gP6vBAN2e3X6RQkE3Z+Wq7gTqx3IUjh0j6bhZpqB
HkH17+nB9f2MtVEe2vSf42Qv7T7R/gIetvOSxprxVv6Z1vt1Ti/pwDgAT5MpMZw1
HpobySOyn7mRtWgyW37DMn1xdSWREIVzMvNKcypd/bup3udzP3XwTY3XNVvpt8l0
qALvWribiHV2P05mB1K2TSZAreIB2r8PuP+oXYydqpyqwj+WFwS2B+ecugIxox+T
3+9jwhGXxn1n3QPNn2BoSu0N9aGJSVbjLnSJ+Mfp3p1r6kVKkTcq4gmZT8VGMOPn
OBshCNtunxt4cPtSae1i68PA1QSvzBI39DHj/IXN1w0cQY6gqZ41n4877GrDYmL5
S+rUU3VlgK0HJWne+y+Gvx/ZJSUo18Br/otcUx9jiRrTF/qGVO4pDhIBITVy58MX
Bzl2IE6rN7bf0XobLLkI4d6cXXbFjHbTXInMGdr8iAJIDeHJaAWdzyYOWoU1kMuM
dTXq6yNUBGI4qrm5MD9rL1EvG+291vmB9gm03a5+66UZ3q8gfba9XEDejKJwbYRj
KCwiXlkJtf3+XHsI6gWr3HfZPVV0mrT8oP8Ao1Ipmnlw+UvdkQo=
=llfw
—–END PGP SIGNATURE—–
![[CIVN-2025-0334]Multiple Vulnerabilities in HPE Aruba Products](https://teamwin.in/wp-content/uploads/2025/06/certin-new-e1751351599950-500x383.png)
