CVE-2025-64087

A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
mitreCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
References
https://github.com/AT190510-Cuong/CVE-2025-64087-SSTI-
https://github.com/opensagres/xdocreport
https://github.com/opensagres/xdocreport/pull/705
https://hackmd.io/@cuongnh/BJEnw7SAlg
https://hackmd.io/@cuongnh/SkQvhEf0lx