CVE-2023-2255 in LibreOffice
Summary
by MITRE • 05/25/2023
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice, documents that used "floating frames" linked to external files would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.
Analysis
by VulDB Data Team • 11/15/2025
The vulnerability identified as CVE-2023-2255 represents a critical access control flaw within the editor components of LibreOffice, a widely used office suite developed by The Document Foundation. The weakness lies in the handling of floating frames during document processing, which lets a crafted document trigger the loading of external resources without authorization. The flaw exists in the document rendering logic, where certain linked content types are processed without proper user consent mechanisms, undermining the security model that users expect when opening office documents.
The technical implementation of this vulnerability stems from an inconsistent security treatment within LibreOffice's document parsing engine. When processing documents containing floating frames that reference external files, the software fails to prompt users for explicit permission before establishing network connections or loading remote content. This behavior deviates from the standard treatment of other linked content types within the same application, creating a security gap that attackers can exploit. The vulnerability specifically affects versions where floating frame content is automatically resolved without user interaction, bypassing the normal security checks that should govern external resource access. This flaw manifests as an improper access control condition that aligns with CWE-284, which addresses inadequate access control mechanisms in software applications.
The operational impact of this vulnerability extends beyond simple document rendering, creating potential vectors for information leakage, remote code execution, and network-based attacks. When users open maliciously crafted documents, the automatic loading of external content can result in unintended network connections to attacker-controlled servers, potentially leading to data exfiltration or command execution. The vulnerability is particularly concerning because it operates silently without user awareness, making it difficult to detect and mitigate. Attackers can craft documents that appear legitimate while simultaneously establishing connections to malicious infrastructure, leveraging the trust relationship between the document and the user's system. This issue affects both the 7.4 and 7.5 release series of LibreOffice, with patched versions available starting from 7.4.7 and 7.5.3 respectively, highlighting the widespread nature of the affected software ecosystem.
Mitigation strategies for this vulnerability should focus on immediate software updates to patched versions, which address the improper access control by implementing proper user consent mechanisms for external resource loading. Organizations should implement network monitoring to detect unauthorized external connections initiated by LibreOffice processes, particularly when opening untrusted documents. Additionally, system administrators should consider implementing application whitelisting policies that restrict the execution of LibreOffice in environments where document security is paramount. The ATT&CK framework categorizes this vulnerability under T1190 - Exploit Public-Facing Application, as it represents an attack vector through document-based exploitation. Security teams should also consider deploying sandboxing solutions for document processing and implementing email filtering rules that block potentially malicious office documents from entering the network. The vulnerability demonstrates the importance of consistent security treatment across all content types within office applications and serves as a reminder of the critical need for proper access control implementation in document processing systems.
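A triage check to support the filtering and monitoring advice above, as an added example (not VulDB's or The Document Foundation's code): it lists the floating frames in an ODF package whose link target lies outside the package. It assumes the ODF representation of a floating frame, a `draw:floating-frame` element with an `xlink:href` attribute in `content.xml` or `styles.xml`; the function names, the size cap and the sample package are this example's own.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DRAW = "urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
XLINK = "http://www.w3.org/1999/xlink"
MAX_MEMBER = 64 * 1024 * 1024  # assumed size cap against decompression bombs

def is_external(href):
    """True when the link target lies outside the ODF package."""
    if urlsplit(href).scheme:  # http:, https:, file:, drive letters, ...
        return True
    return href.startswith(("/", "../", "\\\\"))  # absolute, parent dir, UNC

def external_floating_frames(odf):
    """Return [(member, href)] for floating frames linked outside the package."""
    hits = []
    with zipfile.ZipFile(odf) as pkg:  # odf: path or binary file object
        for member in ("content.xml", "styles.xml"):
            if member not in pkg.namelist():
                continue
            if pkg.getinfo(member).file_size > MAX_MEMBER:
                raise ValueError(f"{member}: too large to scan")
            data = pkg.read(member)
            if b"<!DOCTYPE" in data:  # ODF streams carry no DTD; refuse entity tricks
                raise ValueError(f"{member}: unexpected DOCTYPE")
            for el in ET.fromstring(data).iter(f"{{{DRAW}}}floating-frame"):
                href = el.get(f"{{{XLINK}}}href", "")
                if href and is_external(href):
                    hits.append((member, href))
    return hits

def constructed_sample(href):
    """Constructed test package: content.xml only, not a complete document."""
    xml = (f'<doc xmlns:draw="{DRAW}" xmlns:xlink="{XLINK}"><draw:frame>'
           f'<draw:floating-frame xlink:href="{href}"/></draw:frame></doc>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("content.xml", xml)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(external_floating_frames(constructed_sample("https://example.invalid/f.html")))
    print(external_floating_frames(constructed_sample("./Object 1")))
```

A hit marks a document for review rather than proving intent, since externally linked floating frames are a regular LibreOffice feature; the check is most useful for files headed to hosts still running 7.4 before 7.4.7 or 7.5 before 7.5.3.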