CVE-2025-64087 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrar…
Critical CVSS: 9.8

CVE-2025-64087

A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions.
Vendor
Opensagres
Product
Xdocreport
CWE
CWE-1336
Yayın Tarihi
2026-01-20 16:16:06
Güncelleme
2026-02-03 21:49:59
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-1336 Xdocreport CRITICAL Opensagres 2026

Referanslar

https://github.com/AT190510-Cuong/CVE-2025-64087-SSTI- https://github.com/opensagres/xdocreport https://github.com/opensagres/xdocreport/pull/705 https://hackmd.io/@cuongnh/BJEnw7SAlg https://hackmd.io/@cuongnh/SkQvhEf0lx