{"id":"CVE-2025-1080","details":"LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice, a link in a browser using that scheme could be constructed with an embedded inner URL that, when passed to LibreOffice, could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before 24.8.5, from 25.2 before 25.2.1.","modified":"2026-03-19T12:51:00.186872Z","published":"2025-03-04T20:15:36.867Z","related":["ALSA-2025:2868","MGASA-2025-0103"],"references":[{"type":"ADVISORY","url":"https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00002.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libreoffice/core","events":[{"introduced":"0"},{"fixed":"8e3f91296d65a47712b8a390b4731fa5a2f6c9af"},{"introduced":"0"},{"fixed":"e538fb6403facdfd3db0250c3b3278236c675c2a"}],"database_specific":{"versions":[{"introduced":"24.8.0.0"},{"fixed":"24.8.5.1"},{"introduced":"25.2.0.0"},{"fixed":"25.2.1.1"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1080.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}