CVE-2025-64087

A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/AT190510-Cuong/CVE-2025-64087-SSTI-	Broken Link
https://github.com/opensagres/xdocreport	Product
https://github.com/opensagres/xdocreport/pull/705	Issue Tracking Third Party Advisory
https://hackmd.io/@cuongnh/BJEnw7SAlg	Permissions Required
https://hackmd.io/@cuongnh/SkQvhEf0lx	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:opensagres:xdocreport:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-01-20 16:16

Updated : 2026-02-03 21:49

NVD link : CVE-2025-64087

Mitre link : CVE-2025-64087

CVE.ORG link : CVE-2025-64087

JSON object : View

Products Affected

opensagres

xdocreport

CWE

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

{"id": "CVE-2025-64087", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-01-20T16:16:06.070", "references": [{"url": "https://github.com/AT190510-Cuong/CVE-2025-64087-SSTI-", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://github.com/opensagres/xdocreport", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/opensagres/xdocreport/pull/705", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://hackmd.io/@cuongnh/BJEnw7SAlg", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "https://hackmd.io/@cuongnh/SkQvhEf0lx", "tags": ["Permissions Required"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1336"}]}], "descriptions": [{"lang": "en", "value": "A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions."}, {"lang": "es", "value": "Una vulnerabilidad de Inyecci\u00f3n de Plantillas del Lado del Servidor (SSTI) en el componente FreeMarker de opensagres XDocReport v1.0.0 a v2.1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la inyecci\u00f3n de expresiones de plantilla manipuladas."}], "lastModified": "2026-02-03T21:49:59.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensagres:xdocreport:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D83BE34-198C-4EA3-AFFC-BD47A6949BF4", "versionEndIncluding": "2.1.0", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}