Exploiting LibreOffice (write-up)

hack CVE-2024-12425 CVE-2024-12426 CVE-2025-64407

During a research tangent at work, I found several logical vulnerabilities in LibreOffice.

The write-up includes a proof-of-concept showing how one of the bugs can be used to steal a secret from an incoming email (assuming a desktop Linux usecase with LibreOffice and Thunderbird), which was particularly fun to put together.

Read the write-up on Codean Labs’ blog:
https://codeanlabs.com/2025/02/exploiting-libreoffice-cve-2024-12425-and-cve-2024-12426/