A recent LibreOffice security advisory discloses a vulnerability known as vaulting (CVE-2025-1080), which allows arbitrary scripts to be executed without alerting the user. The vulnerability is rated as highly dangerous, with a severity score of 7.2 out of 10. The issue is fixed in the latest LibreOffice updates, versions 24.8.5 and 25.2.1.
The vulnerability stems from LibreOffice's support for the ‘vnd.libreoffice.command:’ URI scheme, which exists for integration with MS SharePoint servers and can be used to invoke macros. An attacker could use this scheme to create a malicious link that, when processed in LibreOffice, triggers internal macros with arbitrary arguments.
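For defenders who want to triage documents, mail bodies or web pages before they reach unpatched installations, the following added example (not code from the advisory or from LibreOffice) flags links that use this URI scheme, including case-varied, HTML-entity-encoded and percent-encoded forms. The function names are hypothetical, and the text after the scheme in the sample is a placeholder, not a real macro call.

```python
import html
import io
import re
import zipfile
from urllib.parse import unquote

SCHEME = "vnd.libreoffice.command:"  # scheme named in the advisory
_LINK = re.compile(re.escape(SCHEME) + r"[^\s\"'<>]*", re.IGNORECASE)

def normalize(text):
    """Undo up to three layers of HTML-entity and percent encoding."""
    for _ in range(3):
        decoded = unquote(html.unescape(text))
        if decoded == text:
            break
        text = decoded
    return text

def find_command_uris(text):
    """Return every link in text that uses the scheme, after decoding."""
    return _LINK.findall(normalize(text))

def scan_document(data):
    """Map member name -> hits for a ZIP container (ODF/OOXML) or raw text."""
    members = {}
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for name in zf.namelist():
                if name.endswith((".xml", ".rels")):
                    members[name] = zf.read(name)
    else:
        members["<raw>"] = data
    hits = {}
    for name, raw in members.items():
        found = find_command_uris(raw.decode("utf-8", "replace"))
        if found:
            hits[name] = found
    return hits

if __name__ == "__main__":
    # Constructed sample: the payload after the scheme is a placeholder.
    sample = b'<a href="VND.LibreOffice.Command%3APLACEHOLDER">quarterly report</a>'
    print(scan_document(sample))
```

A hit is a triage signal rather than proof of malice, since a document that merely mentions the scheme in its text will also match.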