Description

A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code by injecting crafted template expressions.

State: PUBLISHED | Reserved: 2025-10-27 | Published: 2026-01-20 | Updated: 2026-01-20 | Assigner: mitre

References

github.com/opensagres/xdocreport

github.com/opensagres/xdocreport/pull/705

hackmd.io/@cuongnh/BJEnw7SAlg

hackmd.io/@cuongnh/SkQvhEf0lx

github.com/AT190510-Cuong/CVE-2025-64087-SSTI-

cve.org (CVE-2025-64087)

nvd.nist.gov (CVE-2025-64087)
