CVE-2025-64405: 
Homebrew vulnerability analysis and mitigation

A missing Authorization vulnerability (CVE-2025-64405) was discovered in Apache OpenOffice through version 4.1.15. The vulnerability was discovered by Louis Bettels from Technische Universität Braunschweig and was disclosed on November 11, 2025. The vulnerability affects the DDE (Dynamic Data Exchange) functionality in Apache OpenOffice Calc spreadsheets, where external links could be loaded without proper user authorization (OpenOffice Security, OSS Security).

The vulnerability exists in Apache OpenOffice's handling of DDE (Dynamic Data Exchange) links within Calc spreadsheets. When a spreadsheet containing DDE links to external files is opened, the application would automatically load the contents of those files without prompting the user for permission, bypassing necessary security checks. The severity of this vulnerability is rated as 'moderate' with a CVSS v3.1 score of 7.5 HIGH (NVD Database).

If exploited, this vulnerability could allow an attacker to craft a malicious document that would automatically load external content without user consent. This could potentially lead to unauthorized data access or execution of malicious content through specially crafted DDE links (OpenOffice Security).

The vulnerability has been fixed in Apache OpenOffice version 4.1.16. Users of affected versions (4.1.15 and earlier) are strongly recommended to upgrade to version 4.1.16, which includes the security fix along with other bug fixes and enhancements (AOO Release Notes).