CVE-2025-65482: XDocReport affected by an XML External Entity (XXE) vulnerability
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code by uploading a crafted .docx file.
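An upload-side check for the crafted .docx described above, as an added example that is not code from XDocReport or from the advisory: it flags any XML part of the package that carries a DTD declaration, which a well-formed OOXML package never contains. The function names, the part-suffix filter, the size cap and the sample packages are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# OPC (ECMA-376 Part 2) forbids DTD declarations in package XML parts,
# so any DOCTYPE/ENTITY marker in a .docx part is grounds for rejection.
DTD_MARKER = re.compile(rb"<!(DOCTYPE|ENTITY)")
XML_SUFFIXES = (".xml", ".rels")    # assumption: parts the report engine may parse
MAX_PART_BYTES = 20 * 1024 * 1024   # assumed cap against decompression bombs


def find_dtd_parts(docx_bytes: bytes) -> list[str]:
    """Return the names of XML parts that declare a DTD or exceed the size cap."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for info in pkg.infolist():
            if not info.filename.lower().endswith(XML_SUFFIXES):
                continue
            if info.file_size > MAX_PART_BYTES:
                flagged.append(info.filename)  # too large to inspect: suspect
                continue
            # Dropping NUL bytes exposes the marker in UTF-16/UTF-32 parts too.
            raw = pkg.read(info).replace(b"\x00", b"")
            if DTD_MARKER.search(raw):
                flagged.append(info.filename)
    return flagged


def build_sample(document_xml: bytes) -> bytes:
    """Build a minimal constructed .docx-like package for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml", b'<?xml version="1.0"?><Types/>')
        pkg.writestr("word/document.xml", document_xml)
    return buf.getvalue()


# Constructed samples: a clean part, and one with a harmless internal entity.
DTD_XML = (b'<?xml version="1.0"?><!DOCTYPE document [<!ENTITY n "constructed">]>'
           b"<document>&n;</document>")
CLEAN = build_sample(b'<?xml version="1.0"?><document>hello</document>')
WITH_DTD = build_sample(DTD_XML)
UTF16_DTD = build_sample(DTD_XML.decode().encode("utf-16"))

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("dtd", WITH_DTD), ("utf16", UTF16_DTD)):
        print(name, find_dtd_parts(blob))
```

The byte-level match covers the UTF-8 and UTF-16 encodings OPC allows; parts declared in other encodings are not decoded by this check and should be rejected separately.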
References
- drive.google.com/drive/folders/1hUyCznpBN7ivo5krmyJ4OQc_q626Hy5q?usp=sharing
- github.com/AT190510-Cuong/CVE-2025-65482-XXE-
- github.com/advisories/GHSA-7jc7-g598-2p64
- github.com/opensagres/xdocreport
- github.com/opensagres/xdocreport/commit/d9b90ae6c9489dc43f6427ec7b315cab34125332
- hackmd.io/@cuongnh/r1B7B8fJ-g
- hackmd.io/@cuongnh/rkJPCgSy-l
- nvd.nist.gov/vuln/detail/CVE-2025-65482