Cyber Resilience

CVE-2025-65482

Critical

Published: 20 January 2026

Published
20 January 2026
Modified
03 February 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0049 38.4th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-65482 is a critical-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Opensagres Xdocreport. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-65482 is an XML External Entity (XXE) vulnerability, mapped to CWE-611, present in opensagres XDocReport versions from v0.9.2 to v2.0.3. Published on 2026-01-20, it allows attackers to execute arbitrary code by uploading a crafted .docx file to affected systems. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its severe potential impact.

Any remote attacker can exploit this vulnerability without authentication, privileges, or user interaction, as it is accessible over the network with low complexity. Successful exploitation via a malicious .docx file upload enables arbitrary code execution on the target system, potentially leading to full compromise with high impacts on confidentiality, integrity, and availability.

Mitigation guidance and patches should be reviewed in the referenced advisories, including the opensagres/xdocreport GitHub repository, proof-of-concept details at github.com/AT190510-Cuong/CVE-2025-65482-XXE-, and additional analysis on hackmd.io/@cuongnh/r1B7B8fJ-g and hackmd.io/@cuongnh/rkJPCgSy-l, along with the shared folder at drive.google.com/drive/folders/1hUyCznpBN7ivo5krmyJ4OQc_q626Hy5q.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

XXE in a document-processing library directly enables unauthenticated remote code execution via malicious file upload to a network-accessible service, mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-64087Same product: Opensagres Xdocreport
CVE-2024-2374Shared CWE-611
CVE-2024-49352Shared CWE-611
CVE-2024-56322Shared CWE-611
CVE-2026-3603Shared CWE-611
CVE-2025-54254Shared CWE-611
CVE-2025-68493Shared CWE-611
CVE-2023-47160Shared CWE-611
CVE-2024-49781Shared CWE-611
CVE-2025-23195Shared CWE-611

Affected Assets

opensagres
xdocreport
0.9.2 — 2.0.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of the known XXE vulnerability in XDocReport library to prevent arbitrary code execution via crafted .docx file uploads.

prevent

Validates information inputs such as uploaded .docx files to block malicious XML external entities that exploit the XXE vulnerability.

prevent

Deploys malicious code protection mechanisms at upload entry points to scan and block crafted .docx files exploiting XXE for code execution.

References