Detections
Analytics
Apache OpenOffice < 4.1.16 Multiple Vulnerabilities
high Nessus Plugin ID 275412
Language:
Synopsis
The remote Windows host has an application installed that is affected by multiple vulnerabilities.Description
The version of Apache OpenOffice installed on the remote host is prior to 4.1.16. It is, therefore, affected by multiple vulnerabilities, including:- Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of 'external data sources'. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. (CVE-2025-64403)
- Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used 'floating frames' linked to external files would load the contents of those frames without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. The LibreOffice suite reported this issue as CVE-2023-2255. (CVE-2025-64401)
- Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used background fill images, or bullet images, linked to external files would load the contents of those files without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. (CVE-2025-64404)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache OpenOffice version 4.1.16 or later.See Also
https://www.openoffice.org/security/bulletin.html
https://www.openoffice.org/security/cves/CVE-2025-64401.html
https://www.openoffice.org/security/cves/CVE-2025-64402.html
https://www.openoffice.org/security/cves/CVE-2025-64403.html
https://www.openoffice.org/security/cves/CVE-2025-64404.html
https://www.openoffice.org/security/cves/CVE-2025-64405.html
https://www.openoffice.org/security/cves/CVE-2025-64406.html
https://www.openoffice.org/security/cves/CVE-2025-64407.html
Plugin Details
Severity: High
ID: 275412
File Name: openoffice_4116.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 11/14/2025
Updated: 11/14/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: High
Base Score: 8.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:N
CVSS Score Source: CVE-2025-64403
CVSS v3
Risk Factor: High
Base Score: 8.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Information
CPE: cpe:/a:apache:openoffice
Required KB Items: installed_sw/OpenOffice
Patch Publication Date: 11/10/2025
Vulnerability Publication Date: 11/10/2025
Reference Information
CVE: CVE-2025-64401, CVE-2025-64402, CVE-2025-64403, CVE-2025-64404, CVE-2025-64405, CVE-2025-64406, CVE-2025-64407
IAVA: 2025-A-0828