Vulnerability DatabaseCVE-2025-64406

CVE-2025-64406:
Homebrew vulnerability analysis and mitigation

Overview

An out-of-bounds Write vulnerability (CVE-2025-64406) was discovered in Apache OpenOffice through version 4.1.15. The vulnerability was disclosed on November 11, 2025, and affects the CSV import functionality of the software. The issue was discovered, reported, and fixed by Damjan Jovanovic (OpenOffice Advisory, OSS Security).

Technical details

The vulnerability is classified as an out-of-bounds Write vulnerability that manifests during CSV file import operations in Apache OpenOffice. The issue has been rated as 'Important' in terms of severity. The vulnerability affects all versions of Apache OpenOffice through 4.1.15, with potential impact on OpenOffice.org versions as well (OpenOffice Advisory).

Impact

If successfully exploited, this vulnerability could allow an attacker to craft a malicious document that would either crash the program or corrupt other memory areas, potentially leading to program instability or security compromises (OpenOffice Advisory, OSS Security).

Mitigation and workarounds

The vulnerability has been fixed in Apache OpenOffice version 4.1.16. Users running affected versions are strongly recommended to upgrade to version 4.1.16, which contains the security fix along with other bug fixes and enhancements (OpenOffice Advisory, Release Notes).

Additional resources

Source: This report was generated using AI

Related Homebrew vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-58360	CRITICAL	9.8	Java	org.geoserver.web:gs-web-app	No	Yes	Nov 25, 2025
CVE-2025-65085	HIGH	8.4	NixOS	cobalt	No	No	Nov 25, 2025
CVE-2025-65084	HIGH	8.4	NixOS	argon	No	No	Nov 25, 2025
CVE-2025-59789	HIGH	7.5	Homebrew	brpc	No	Yes	Dec 01, 2025
CVE-2025-64761	HIGH	7.5	Wolfi	openbao	No	Yes	Nov 25, 2025