CVE-2025-64087

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions opensagres XDocReport versions 1.0.0 through 2.1.0

Description A Server-Side Template Injection (SSTI) flaw exists in the FreeMarker component. This allows attackers to execute arbitrary code by injecting crafted template expressions. The affected component is used in opensagres XDocReport.

Recommendations Update opensagres XDocReport to a version later than 2.1.0.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1336

Related Identifiers

CVE-2025-64087

GHSA-R8W2-W357-9PJV

Affected Products

Xdocreport

CVE-2025-64087

Weakness Enumeration

Related Identifiers

Affected Products

References · 14