vulnerability

Apache OpenOffice: CVE-2022-38745: An empty class path may lead to run arbitrary Java code

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Mar 24, 2023	Sep 12, 2025	Sep 12, 2025

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Mar 24, 2023

Added

Sep 12, 2025

Modified

Sep 12, 2025

Description

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.

Solution

apache-openoffice-upgrade-latest

References

CWE-94
CWE-1188
CWE-427
CVE-2022-38745
https://attackerkb.com/topics/CVE-2022-38745
URL-https://www.openoffice.org/security/cves/CVE-2022-38745.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today