Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2025-2577
Vulnerability from csaf_certbund - Published: 2025-11-11 23:00 - Updated: 2025-11-12 23:00Summary
Apache OpenOffice: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenOffice ist ein OpenSource Programmpaket von Apache mit zahlreichen Office-Anwendugen. Es enthält Programme zur Textverarbeitung, Tabellenkalkulation, Präsentation, Zeichnungen sowie eine Datenbank.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Apache OpenOffice ausnutzen, um vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und eine Speicherbeschädigung durchzuführen, was zur Ausführung von beliebigem Code führen könnte.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenOffice ist ein OpenSource Programmpaket von Apache mit zahlreichen Office-Anwendugen. Es enth\u00e4lt Programme zur Textverarbeitung, Tabellenkalkulation, Pr\u00e4sentation, Zeichnungen sowie eine Datenbank.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apache OpenOffice ausnutzen, um vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und eine Speicherbesch\u00e4digung durchzuf\u00fchren, was zur Ausf\u00fchrung von beliebigem Code f\u00fchren k\u00f6nnte.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2577 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2577.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2577 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2577"
},
{
"category": "external",
"summary": "Apache OpenOffice Security Advisory CVE-2025-64401 vom 2025-11-11",
"url": "https://www.openoffice.org/security/cves/CVE-2025-64401.html"
},
{
"category": "external",
"summary": "Apache OpenOffice Security Advisory CVE-2025-64402 vom 2025-11-11",
"url": "https://www.openoffice.org/security/cves/CVE-2025-64402.html"
},
{
"category": "external",
"summary": "Apache OpenOffice Security Advisory CVE-2025-64403 vom 2025-11-11",
"url": "https://www.openoffice.org/security/cves/CVE-2025-64403.html"
},
{
"category": "external",
"summary": "Apache OpenOffice Security Advisory CVE-2025-64404 vom 2025-11-11",
"url": "https://www.openoffice.org/security/cves/CVE-2025-64404.html"
},
{
"category": "external",
"summary": "Apache OpenOffice Security Advisory CVE-2025-64405 vom 2025-11-11",
"url": "https://www.openoffice.org/security/cves/CVE-2025-64405.html"
},
{
"category": "external",
"summary": "Apache OpenOffice Security Advisory CVE-2025-64406 vom 2025-11-11",
"url": "https://www.openoffice.org/security/cves/CVE-2025-64406.html"
},
{
"category": "external",
"summary": "Apache OpenOffice Security Advisory CVE-2025-64407 vom 2025-11-11",
"url": "https://www.openoffice.org/security/cves/CVE-2025-64407.html"
}
],
"source_lang": "en-US",
"title": "Apache OpenOffice: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-12T23:00:00.000+00:00",
"generator": {
"date": "2025-11-13T10:07:49.139+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2577",
"initial_release_date": "2025-11-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-12T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-119983, EUVD-2025-124971, EUVD-2025-124972, EUVD-2025-124979, EUVD-2025-124980, EUVD-2025-124981, EUVD-2025-124973"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.1.16",
"product": {
"name": "Apache OpenOffice \u003c4.1.16",
"product_id": "T048540"
}
},
{
"category": "product_version",
"name": "4.1.16",
"product": {
"name": "Apache OpenOffice 4.1.16",
"product_id": "T048540-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:openoffice:4.1.16"
}
}
}
],
"category": "product_name",
"name": "OpenOffice"
}
],
"category": "vendor",
"name": "Apache"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64401",
"product_status": {
"known_affected": [
"T048540"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64401"
},
{
"cve": "CVE-2025-64402",
"product_status": {
"known_affected": [
"T048540"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64402"
},
{
"cve": "CVE-2025-64403",
"product_status": {
"known_affected": [
"T048540"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64403"
},
{
"cve": "CVE-2025-64404",
"product_status": {
"known_affected": [
"T048540"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64404"
},
{
"cve": "CVE-2025-64405",
"product_status": {
"known_affected": [
"T048540"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64405"
},
{
"cve": "CVE-2025-64406",
"product_status": {
"known_affected": [
"T048540"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64406"
},
{
"cve": "CVE-2025-64407",
"product_status": {
"known_affected": [
"T048540"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64407"
}
]
}
CVE-2025-64406 (GCVE-0-2025-64406)
Vulnerability from cvelistv5 – Published: 2025-11-12 09:11 – Updated: 2025-11-12 17:09
VLAI?
EPSS
Title
Apache OpenOffice: Possible memory corruption during CSV import
Summary
An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas.
This issue affects Apache OpenOffice: through 4.1.15.
Users are recommended to upgrade to version 4.1.16, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache OpenOffice |
Affected:
0 , ≤ 4.1.15
(semver)
|
Credits
Damjan Jovanovic for discovering, reporting and fixing the issue
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-12T10:06:09.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/11/9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T16:41:46.913554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T17:09:01.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache OpenOffice",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.1.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Damjan Jovanovic for discovering, reporting and fixing the issue"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas.\u003c/p\u003e\u003cp\u003eThis issue affects Apache OpenOffice: through 4.1.15.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.1.16, which fixes the issue.\u003c/p\u003e"
}
],
"value": "An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas.\n\nThis issue affects Apache OpenOffice: through 4.1.15.\n\nUsers are recommended to upgrade to version 4.1.16, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T09:11:47.133Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openoffice.org/security/cves/CVE-2025-64406.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/py89gpogxfb2yo9c5vwv2h9x3m85pfmm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache OpenOffice: Possible memory corruption during CSV import",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-64406",
"datePublished": "2025-11-12T09:11:47.133Z",
"dateReserved": "2025-11-02T10:05:15.686Z",
"dateUpdated": "2025-11-12T17:09:01.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64404 (GCVE-0-2025-64404)
Vulnerability from cvelistv5 – Published: 2025-11-12 09:08 – Updated: 2025-11-13 16:41
VLAI?
EPSS
Title
Apache OpenOffice: Remote documents loaded without prompt via background and bullet images
Summary
Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links
to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used background fill images, or bullet images, linked to external files would
load the contents of those files without prompting the user for
permission to do so.
This issue affects Apache OpenOffice: through 4.1.15.
Users are recommended to upgrade to version 4.1.16, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache OpenOffice |
Affected:
0 , ≤ 4.1.15
(semver)
|
Credits
Reginaldo Silva of ubercomp.com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-12T10:06:06.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/11/7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T16:41:26.881531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:41:33.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache OpenOffice",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.1.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Reginaldo Silva of ubercomp.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eApache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links \nto be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used background fill images, or bullet images, linked to external files would \nload the contents of those files without prompting the user for \npermission to do so.\u003c/p\u003e\u003cp\u003eThis issue affects Apache OpenOffice: through 4.1.15.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.1.16, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links \nto be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used background fill images, or bullet images, linked to external files would \nload the contents of those files without prompting the user for \npermission to do so.\n\nThis issue affects Apache OpenOffice: through 4.1.15.\n\nUsers are recommended to upgrade to version 4.1.16, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T09:08:34.261Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openoffice.org/security/cves/CVE-2025-64404.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/08n4mdx0pnhqsllnkc63d27sdgq3tygc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache OpenOffice: Remote documents loaded without prompt via background and bullet images",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-64404",
"datePublished": "2025-11-12T09:08:34.261Z",
"dateReserved": "2025-11-02T09:49:27.879Z",
"dateUpdated": "2025-11-13T16:41:33.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64403 (GCVE-0-2025-64403)
Vulnerability from cvelistv5 – Published: 2025-11-12 09:04 – Updated: 2025-11-12 14:47
VLAI?
EPSS
Title
Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc
Summary
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links
to be loaded without prompt.
This issue affects Apache OpenOffice: through 4.1.15.
Users are recommended to upgrade to version 4.1.16, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache OpenOffice |
Affected:
0 , ≤ 4.1.15
(semver)
|
Credits
Reginaldo Silva of ubercomp.com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-12T09:06:12.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/11/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:46:24.702344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T14:47:26.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache OpenOffice",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.1.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Reginaldo Silva of ubercomp.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eApache OpenOffice Calc spreadsheet can contain links to other files, in the form of \"external data sources\". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links \nto be loaded without prompt.\u003c/p\u003e\u003cp\u003eThis issue affects Apache OpenOffice: through 4.1.15.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.1.16, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of \"external data sources\". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links \nto be loaded without prompt.\n\nThis issue affects Apache OpenOffice: through 4.1.15.\n\nUsers are recommended to upgrade to version 4.1.16, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T09:04:50.392Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openoffice.org/security/cves/CVE-2025-64403.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/t7c6jhvdb00xtgd9vvn7h5sq9f4h5trt"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache OpenOffice: Remote documents loaded without prompt via \"external data sources\" in Calc",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-64403",
"datePublished": "2025-11-12T09:04:50.392Z",
"dateReserved": "2025-11-02T08:38:57.625Z",
"dateUpdated": "2025-11-12T14:47:26.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64401 (GCVE-0-2025-64401)
Vulnerability from cvelistv5 – Published: 2025-11-12 08:58 – Updated: 2025-11-12 14:50
VLAI?
EPSS
Title
Apache OpenOffice: Remote documents loaded without prompt via IFrame
Summary
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links
to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "floating frames" linked to external files would
load the contents of those frames without prompting the user for
permission to do so.
This issue affects Apache OpenOffice: through 4.1.15.
Users are recommended to upgrade to version 4.1.16, which fixes the issue.
The LibreOffice suite reported this issue as CVE-2023-2255
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache OpenOffice |
Affected:
0 , ≤ 4.1.15
(semver)
|
Credits
Amel Bouziane-Leblond for discovering and reporting the issue
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:50:27.226997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T14:50:48.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache OpenOffice",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.1.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amel Bouziane-Leblond for discovering and reporting the issue"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eApache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice\u0026nbsp;allowed an attacker to craft a document that would cause external links \nto be loaded without prompt.\u0026nbsp;In the affected versions of Apache OpenOffice, documents that used \"floating frames\" linked to external files would \nload the contents of those frames without prompting the user for \npermission to do so.\u003c/p\u003e\u003cp\u003eThis issue affects Apache OpenOffice: through 4.1.15.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.1.16, which fixes the issue.\u003c/p\u003e\u003cp\u003eThe LibreOffice suite reported this issue as\u0026nbsp;CVE-2023-2255\u003c/p\u003e"
}
],
"value": "Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice\u00a0allowed an attacker to craft a document that would cause external links \nto be loaded without prompt.\u00a0In the affected versions of Apache OpenOffice, documents that used \"floating frames\" linked to external files would \nload the contents of those frames without prompting the user for \npermission to do so.\n\nThis issue affects Apache OpenOffice: through 4.1.15.\n\nUsers are recommended to upgrade to version 4.1.16, which fixes the issue.\n\nThe LibreOffice suite reported this issue as\u00a0CVE-2023-2255"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T08:58:18.371Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openoffice.org/security/cves/CVE-2025-64401.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/o00dtgvhr9tx8r4y8vf6y2mg7nn6mx6c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache OpenOffice: Remote documents loaded without prompt via IFrame",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-64401",
"datePublished": "2025-11-12T08:58:18.371Z",
"dateReserved": "2025-11-02T07:28:25.037Z",
"dateUpdated": "2025-11-12T14:50:48.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64402 (GCVE-0-2025-64402)
Vulnerability from cvelistv5 – Published: 2025-11-12 09:03 – Updated: 2025-11-12 14:49
VLAI?
EPSS
Title
Apache OpenOffice: Remote documents loaded without prompt via OLE objects
Summary
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links
to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to external files would
load the contents of those files without prompting the user for
permission to do so.
This issue affects Apache OpenOffice: through 4.1.15.
Users are recommended to upgrade to version 4.1.16, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache OpenOffice |
Affected:
0 , ≤ 4.1.15
(semver)
|
Credits
Dawid Golunski, Doyensec LLC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-12T09:06:11.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/11/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:48:43.479848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T14:49:16.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache OpenOffice",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.1.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dawid Golunski, Doyensec LLC"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eApache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links \nto be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used \"OLE objects\" linked to external files would \nload the contents of those files without prompting the user for \npermission to do so.\u003c/p\u003e\u003cp\u003eThis issue affects Apache OpenOffice: through 4.1.15.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.1.16, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links \nto be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used \"OLE objects\" linked to external files would \nload the contents of those files without prompting the user for \npermission to do so.\n\nThis issue affects Apache OpenOffice: through 4.1.15.\n\nUsers are recommended to upgrade to version 4.1.16, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T09:03:01.604Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openoffice.org/security/cves/CVE-2025-64402.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/tssrl88tygjsgk6csllm6p2fb6tlv8d8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache OpenOffice: Remote documents loaded without prompt via OLE objects",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-64402",
"datePublished": "2025-11-12T09:03:01.604Z",
"dateReserved": "2025-11-02T08:22:18.671Z",
"dateUpdated": "2025-11-12T14:49:16.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64407 (GCVE-0-2025-64407)
Vulnerability from cvelistv5 – Published: 2025-11-12 09:12 – Updated: 2025-11-13 16:32
VLAI?
EPSS
Title
Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
Summary
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links
to be loaded without prompt. Such links could also be used to transmit system information, such as environment variables or configuration settings.
In the affected versions of Apache OpenOffice, documents that used a certain URI scheme linking to external files would
load the contents of such files without prompting the user for
permission to do so. Such URI scheme allows to include system configuration data, that is not supposed to be transmitted externally.
This issue affects Apache OpenOffice: through 4.1.15.
Users are recommended to upgrade to version 4.1.16, which fixes the issue.
The LibreOffice suite reported this issue as CVE-2024-12426.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache OpenOffice |
Affected:
0 , ≤ 4.1.15
(semver)
|
Credits
Thomas Rinsma of Codean Labs
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T16:31:52.530807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:32:12.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache OpenOffice",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.1.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thomas Rinsma of Codean Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eApache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links \nto be loaded without prompt. Such links could also be used to transmit system information, such as environment variables or configuration settings.\u003c/p\u003e\u003cp\u003eIn the affected versions of Apache OpenOffice, documents that used a certain URI scheme linking to external files would \nload the contents of such files without prompting the user for \npermission to do so. Such URI scheme allows to include system configuration data, that is not supposed to be transmitted externally.\u003c/p\u003e\u003cp\u003eThis issue affects Apache OpenOffice: through 4.1.15.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.1.16, which fixes the issue.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe LibreOffice suite reported this issue as\u0026nbsp;CVE-2024-12426.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links \nto be loaded without prompt. Such links could also be used to transmit system information, such as environment variables or configuration settings.\n\nIn the affected versions of Apache OpenOffice, documents that used a certain URI scheme linking to external files would \nload the contents of such files without prompting the user for \npermission to do so. Such URI scheme allows to include system configuration data, that is not supposed to be transmitted externally.\n\nThis issue affects Apache OpenOffice: through 4.1.15.\n\nUsers are recommended to upgrade to version 4.1.16, which fixes the issue.\n\n\n\n\n\nThe LibreOffice suite reported this issue as\u00a0CVE-2024-12426."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T09:12:48.714Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openoffice.org/security/cves/CVE-2025-64407.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/4yg1gv71f14fw4ky4ds50o6xjq49594g"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-64407",
"datePublished": "2025-11-12T09:12:48.714Z",
"dateReserved": "2025-11-02T10:18:16.326Z",
"dateUpdated": "2025-11-13T16:32:12.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64405 (GCVE-0-2025-64405)
Vulnerability from cvelistv5 – Published: 2025-11-12 09:10 – Updated: 2025-11-13 16:40
VLAI?
EPSS
Title
Apache OpenOffice: Remote documents loaded without prompt via DDE function
Summary
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links
to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to external files would
load the contents of those files without prompting the user for
permission to do so.
This issue affects Apache OpenOffice: through 4.1.15.
Users are recommended to upgrade to version 4.1.16, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache OpenOffice |
Affected:
0 , ≤ 4.1.15
(semver)
|
Credits
Louis Bettels, Technische Universität Braunschweig
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-12T10:06:08.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/11/8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T16:40:34.344465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:40:51.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache OpenOffice",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.1.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Louis Bettels, Technische Universit\u00e4t Braunschweig"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eApache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links \nto be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to external files would \nload the contents of those files without prompting the user for \npermission to do so.\u003c/p\u003e\u003cp\u003eThis issue affects Apache OpenOffice: through 4.1.15.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.1.16, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links \nto be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to external files would \nload the contents of those files without prompting the user for \npermission to do so.\n\nThis issue affects Apache OpenOffice: through 4.1.15.\n\nUsers are recommended to upgrade to version 4.1.16, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T09:10:35.778Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openoffice.org/security/cves/CVE-2025-64405.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/0jjftxkcc4l9kt7jjn630hfrh2ygfcbk"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache OpenOffice: Remote documents loaded without prompt via DDE function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-64405",
"datePublished": "2025-11-12T09:10:35.778Z",
"dateReserved": "2025-11-02T09:56:16.204Z",
"dateUpdated": "2025-11-13T16:40:51.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…