nvd-json-data-feeds/CVE-2025/CVE-2025-10xx/CVE-2025-1080.json

{
  "id": "CVE-2025-1080",
  "sourceIdentifier": "security@documentfoundation.org",
  "published": "2025-03-04T20:15:36.867",
  "lastModified": "2025-03-04T20:15:36.867",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1."
    },
    {
      "lang": "es",
      "value": "LibreOffice admite esquemas URI de Office para permitir la integraci\u00f3n de LibreOffice en el navegador con el servidor MS SharePoint. Se agreg\u00f3 un esquema adicional 'vnd.libreoffice.command' espec\u00edfico para LibreOffice. En las versiones afectadas de LibreOffice, se pod\u00eda construir un v\u00ednculo en un navegador que usara ese esquema con una URL interna incrustada que, cuando se pasaba a LibreOffice, pod\u00eda llamar a macros internas con argumentos arbitrarios. Este problema afecta a LibreOffice: desde la versi\u00f3n 24.8 hasta la 24.8.5, desde la versi\u00f3n 25.2 hasta la 25.2.1."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "security@documentfoundation.org",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "privilegesRequired": "NONE",
          "userInteraction": "PASSIVE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "LOW",
          "vulnAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "subAvailabilityImpact": "HIGH",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@documentfoundation.org",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080",
      "source": "security@documentfoundation.org"
    }
  ]
}