CVE-2025-65482
CRITICALopensagres XDocReport 0.9.2-2.0.3 - XML External Entity Injection via Crafted .docx File
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2025-65482. PoCs published by AT190510-Cuong.
AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-65482, an XXE vulnerability in XDocReport (versions <= 2.0.3). It includes root cause analysis, steps to reproduce, and mitigation strategies, but does not contain functional exploit code.
Description
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.
Exploits (1)
This repository provides a detailed technical analysis of CVE-2025-65482, an XXE vulnerability in XDocReport (versions <= 2.0.3). It includes root cause analysis, steps to reproduce, and mitigation strategies, but does not contain functional exploit code.
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H