VYPR

Tacticalrmm

by Amidaware

Source repositories

CVEs (2)

  • CVE-2025-69517HigJan 28, 2026
    risk 0.57cvss 8.8epss 0.00

    An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agent_id parameter accepts up to 255 characters and is…

  • CVE-2025-69516Jan 29, 2026
    risk 0.07cvss epss 0.02

    A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote…