Critical severity · OSV Advisory · Published Jan 20, 2026 · Updated Jan 21, 2026
CVE-2025-64087
Description
A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code by injecting crafted template expressions.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker (Maven) | < 2.2.0 | 2.2.0 |
Affected products
- Range: xdocreport-parent-1.0.5, xdocreport-parent-1.0.6, xdocreport-parent-2.0.0, …
- ghsa-coords Range: < 2.2.0
References
- github.com/advisories/GHSA-r8w2-w357-9pjv (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-64087 (ghsa, ADVISORY)
- github.com/opensagres/xdocreport/commit/3b35d105e5ae2006bcaa2b07563188efc466711d (ghsa, WEB)
- github.com/opensagres/xdocreport/pull/705 (ghsa, WEB)
- hackmd.io/@cuongnh/BJEnw7SAlg (ghsa, WEB)
- hackmd.io/@cuongnh/SkQvhEf0lx (ghsa, WEB)