Critical LibreOffice arbitrary script execution vulnerability allows taking control of the device with a single click

LibreOffice is a free and open-source office productivity software suite, a project of The Document Foundation. It was forked in 2010 from, an open-sourced version of the earlier StarOffice. The company has published an advisory for a critical vulnerability in its office product.

Macro URL arbitrary script execution (CVE-ID: CVE-2022-3140)


The flaw enables a remote adversary to run any shell commands they choose on the victim machine.

The flaw is caused by improper input validation when the parameters of the “vnd.libreoffice.command” URI scheme are parsed. By creating a specially crafted document and deceiving the target into opening it, a remote adversary can run internal macros with arbitrary parameters.

Successful exploitation of this vulnerability could result in full compromise of the system.


Install updates from the LibreOffice website for these vulnerable software versions:

LibreOffice: –, –, –, –, –, –, –