Cyber Posture

CVE-2025-65482

Critical

Published: 20 January 2026

Published
20 January 2026
Modified
03 February 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0008 23.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-65482 is a critical-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Opensagres Xdocreport. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 23.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Requires timely remediation of the known XXE vulnerability in XDocReport library to prevent arbitrary code execution via crafted .docx file uploads.

SI-10 Information Input Validation good match
prevent

Validates information inputs such as uploaded .docx files to block malicious XML external entities that exploit the XXE vulnerability.

SI-3 Malicious Code Protection partial match
prevent

Deploys malicious code protection mechanisms at upload entry points to scan and block crafted .docx files exploiting XXE for code execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

XXE in a document-processing library directly enables unauthenticated remote code execution via malicious file upload to a network-accessible service, mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.

Deeper analysisAI

CVE-2025-65482 is an XML External Entity (XXE) vulnerability, mapped to CWE-611, present in opensagres XDocReport versions from v0.9.2 to v2.0.3. Published on 2026-01-20, it allows attackers to execute arbitrary code by uploading a crafted .docx file to affected systems. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its severe potential impact.

Any remote attacker can exploit this vulnerability without authentication, privileges, or user interaction, as it is accessible over the network with low complexity. Successful exploitation via a malicious .docx file upload enables arbitrary code execution on the target system, potentially leading to full compromise with high impacts on confidentiality, integrity, and availability.

Mitigation guidance and patches should be reviewed in the referenced advisories, including the opensagres/xdocreport GitHub repository, proof-of-concept details at github.com/AT190510-Cuong/CVE-2025-65482-XXE-, and additional analysis on hackmd.io/@cuongnh/r1B7B8fJ-g and hackmd.io/@cuongnh/rkJPCgSy-l, along with the shared folder at drive.google.com/drive/folders/1hUyCznpBN7ivo5krmyJ4OQc_q626Hy5q.

Details

CWE(s)
CWE-611

Affected Products

opensagres
xdocreport
0.9.2 — 2.0.3

CVEs Like This One

CVE-2025-64087Same product: Opensagres Xdocreport
CVE-2024-49352Shared CWE-611
CVE-2024-56322Shared CWE-611
CVE-2025-0162Shared CWE-611
CVE-2025-61813Shared CWE-611
CVE-2026-41066Shared CWE-611
CVE-2025-14478Shared CWE-611
CVE-2024-56324Shared CWE-611
CVE-2026-1567Shared CWE-611
CVE-2024-49781Shared CWE-611

References