{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T08:02:02.180","vulnerabilities":[{"cve":{"id":"CVE-2025-1080","sourceIdentifier":"security@documentfoundation.org","published":"2025-03-04T20:15:36.867","lastModified":"2025-12-10T18:26:24.293","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1."},{"lang":"es","value":"LibreOffice admite esquemas URI de Office para permitir la integración de LibreOffice en el navegador con el servidor MS SharePoint. Se agregó un esquema adicional 'vnd.libreoffice.command' específico para LibreOffice. En las versiones afectadas de LibreOffice, se podía construir un vínculo en un navegador que usara ese esquema con una URL interna incrustada que, cuando se pasaba a LibreOffice, podía llamar a macros internas con argumentos arbitrarios. Este problema afecta a LibreOffice: desde la versión 24.8 hasta la 24.8.5, desde la versión 25.2 hasta la 25.2.1."}],"metrics":{"cvssMetricV40":[{"source":"security@documentfoundation.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@documentfoundation.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*","versionStartIncluding":"24.8.0.0","versionEndExcluding":"24.8.5.1","matchCriteriaId":"7D84D9AF-1B4C-46E6-8815-DF81A593E682"},{"vulnerable":true,"criteria":"cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*","versionStartIncluding":"25.2.0.0","versionEndExcluding":"25.2.1.1","matchCriteriaId":"A6A58FFD-FC60-4476-BF8D-86594BD24F6F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080","source":"security@documentfoundation.org","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}