2 matches found
CVE-2025-65482
The CVE-2025-65482 XXE vulnerability affects opensagres XDocReport versions 0.9.2 through 2.0.3, allowing arbitrary code execution via crafted .docx uploads. Root cause relates to XML data processing within the library, enabling an attacker to trigger code execution when processing external entit...
CVE-2025-64087
The CVE-2025-64087 SSTI issue affects the FreeMarker component in opensagres XDocReport v1.0.0–v2.1.0, enabling arbitrary code execution via crafted template expressions. The vulnerability has CVSS v3.1 metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 (CRITICAL). Affected versions inc...