CVE-2025-0514

High

Published: 25 February 2025

Published

25 February 2025

Modified

10 December 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0020 41.6th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0514 is a high-severity Improper Input Validation (CWE-20) vulnerability in Libreoffice Libreoffice. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 41.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 requires timely identification, reporting, and correction of system flaws like the improper input validation in LibreOffice, directly enabling patching to the fixed version 24.8.5.

SI-10 Information Input Validation good match

prevent

SI-10 mandates validation of information inputs such as hyperlink targets in documents processed by LibreOffice, directly addressing the CWE-20 improper input validation vulnerability.

SI-3 Malicious Code Protection partial match

preventdetect

SI-3 implements malicious code protection mechanisms that can scan, block, or quarantine the Windows executable launched via the malicious hyperlink, mitigating the arbitrary code execution impact.

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

Vulnerability enables direct execution of arbitrary Windows executables via malicious hyperlink activation inside a delivered document file, matching T1204.002 User Execution: Malicious File.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.

Deeper analysisAI

CVE-2025-0514 is an Improper Input Validation vulnerability (CWE-20) in The Document Foundation's LibreOffice. The flaw allows Windows Executable hyperlink targets within documents to be executed unconditionally upon activation. This issue affects LibreOffice versions from 24.8 prior to 24.8.5 and has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Exploitation requires an attacker to deliver a malicious LibreOffice document to a target user, who must then open it locally and activate a hyperlink pointing to a Windows executable, such as by clicking it. No special privileges are needed (PR:N), but local attack vector (AV:L) and user interaction (UI:R) are required, with low complexity (AC:L). Successful activation leads to arbitrary code execution with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), running the executable in the context of the user.

The LibreOffice security advisory at https://www.libreoffice.org/about-us/security/advisories/cve-2025-0514 provides details on the vulnerability. Mitigation involves updating to LibreOffice 24.8.5 or later, where the improper validation of hyperlink targets has been addressed.