###CVE-2025-64403: Remote documents loaded without prompt via "external data sources" in Calc ####Description Apache OpenOffice Calc spreadsheets can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache OpenOffice: through 4.1.15. ####Severity: Moderate There are no known exploits of this vulnerability. A proof-of-concept demonstration exists. ####Vendor: The Apache Software Foundation ####Versions Affected All Apache OpenOffice versions 4.1.15 and older are affected. OpenOffice.org versions may also be affected. ####Mitigation Install Apache OpenOffice 4.1.16 for the latest maintenance and cumulative security fixes. Use the Apache OpenOffice download page. ####Acknowledgements The Apache OpenOffice Security Team would like to thank Reginaldo Silva of ubercomp.com for discovering and reporting this issue. ####Further Information For additional information and assistance, consult the Apache OpenOffice Community Forums or make requests to the users@openoffice.apache.org public mailing list. The latest information on Apache OpenOffice security bulletins can be found at the Bulletin Archive page.