CVE-2025-65482

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
N/A
Affected
2
PROJECTS

Description

An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.

opensagres/xdocreport
opensagres/xdocreport
XDocReport means XML Document reporting. It's Java API to merge XML document created with MS Office (docx) or OpenOffice (odt), LibreOffice (odt) with a Java model to generate report and convert it if you need to another format (PDF, XHTML...).
GitHubGitHub
1.29K
AT190510-Cuong/CVE-2025-65482-XXE-
AT190510-Cuong/CVE-2025-65482-XXE-
CVE-2025-65482 (XXE)
GitHubGitHub
1