PT-2026-3629 · Opensagres · Xdocreport
Published
2026-01-20
·
Updated
2026-02-03
·
CVE-2025-65482
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
opensagres XDocReport versions 0.9.2 through 2.0.3
Description
An XML External Entity (XXE) issue exists in opensagres XDocReport. Successful exploitation allows attackers to execute arbitrary code by uploading a specially crafted .docx file. The issue is related to the processing of XML data within the application.
Recommendations
Update opensagres XDocReport to a version later than 2.0.3.
Exploit
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xdocreport