Apache OpenOffice has released version 4.1.16, addressing seven critical security vulnerabilities that enable unauthorized remote document loading and memory corruption attacks.
These flaws represent a significant security risk to users of the popular open-source office suite. The most severe vulnerabilities involve unauthorized remote content loading without user prompts or warnings.
Attackers can exploit these weaknesses to load malicious external documents through multiple attack vectors:
Unauthorized Remote Content Loading
CVE-2025-64401 allows remote document loading via IFrame elements, while CVE-2025-64402 leverages OLE objects for the same purpose.
CVE-2025-64403 exploits the Calc spreadsheet application through external data sources, and CVE-2025-64404 abuses background and bullet images.
Additionally, CVE-2025-64405 manipulates the DDE function to fetch remote content without user interaction.
These remote content-loading vulnerabilities create opportunities for attackers to deliver malware and steal sensitive information.
Conduct targeted phishing campaigns by embedding malicious content in seemingly legitimate office documents.
Memory Corruption and Data Exfiltration
Beyond unauthorized content loading, CVE-2025-64406 introduces a critical memory corruption vulnerability during CSV file imports.
This flaw could enable arbitrary code execution if successfully exploited with specially crafted CSV files. OpenOffice concerning the issue is CVE-2025-64407, which enables URL fetching to extract arbitrary INI file values and environment variables.
This vulnerability enables attackers to extract sensitive configuration data and system information from affected systems.
Users should update to Apache OpenOffice 4.1.16 immediately to patch these vulnerabilities. The affected versions include all installations before 4.1.16.
Organizations relying on OpenOffice for document processing should prioritize this update in their patch management schedules.
The previous version 4.1.15 addressed additional critical issues, including use-after-free vulnerabilities, arbitrary file write capabilities in Base, and macro execution flaws.
These layered fixes demonstrate ongoing security challenges in the OpenOffice codebase. OpenOffice system administrators should implement the following measures: Deploy version 4.1.16 across all systems, restrict macro execution policies.
Disable DDE functions when not required and implement network monitoring to detect suspicious document-loading behavior. Users should exercise caution when opening documents from untrusted sources until updates are fully deployed.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
