Multiple Apache OpenOffice Vulnerabilities Lead to Memory Corruption and Unauthorized Content Loading

Source: Cyber Security News

The recent release of Apache OpenOffice version 4.1.16 patches seven critical vulnerabilities that could allow unauthorized remote document loading and memory corruption. Among the most severe flaws is CVE-2025-64401, which permits remote document loading through IFrame elements; the related vulnerabilities CVE-2025-64402, CVE-2025-64403, and CVE-2025-64404 involve various other functionalities. Attackers can leverage these weaknesses to deliver malware through targeted phishing campaigns, so users should update as soon as possible.

The vulnerabilities also include memory corruption issues, notably CVE-2025-64406, which affects CSV file imports and could lead to arbitrary code execution if exploited. Another critical concern is CVE-2025-64407, which allows attackers to extract sensitive configuration data from affected systems. Organizations using OpenOffice are advised to prioritize this update, enforce macro execution policies, disable unnecessary DDE functions, and closely monitor their systems for suspicious activity. The multifaceted nature of these vulnerabilities underlines the need for proactive cybersecurity measures in document processing applications.

👉 Read the original: Cyber Security News