CVE-2025-65482
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-20

Last updated on: 2026-02-03

Assigner: MITRE

Description
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-20
Last Modified
2026-02-03
Generated
2026-06-16
AI Q&A
2026-01-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65482
EUVD
EUVD-2026-3370
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
opensagres xdocreport From 0.9.2 (inc) to 2.0.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-611 The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-65482 is a high-severity XML External Entity (XXE) injection vulnerability in the XDocReport library (versions 0.9.2 to 2.0.3) that occurs when processing .docx files. The vulnerability arises because XDocReport uses Apache POI internally, which relies on Java's default SAXParser without disabling Document Type Definition (DTD) processing and external entity resolution. Attackers can craft malicious .docx files containing XML with DOCTYPE declarations that define external entities referencing remote URLs or local files. When such a file is processed, the parser resolves these external entities, leading to outbound HTTP requests to attacker-controlled servers or disclosure of sensitive local files. This allows attackers to execute arbitrary code, exfiltrate data, scan internal networks, or disrupt services. The vulnerability is mitigated by disabling DTD and external entity processing in the XML parser configuration. [1, 3, 4]

Impact Analysis

Exploitation of this vulnerability can lead to several serious impacts: unauthorized data exfiltration including sensitive local files and Personally Identifiable Information (PII), outbound HTTP requests to attacker-controlled servers enabling out-of-band data leaks, internal network scanning, service disruption, reputational damage, and financial losses due to breach notifications and remediation costs. [1, 3, 4]

Detection Guidance

This vulnerability can be detected by monitoring for unusual outbound HTTP requests triggered by processing uploaded .docx files, especially requests to unknown or attacker-controlled domains. One detection method is to analyze network traffic for HTTP requests originating from the application processing .docx files. Additionally, inspecting uploaded .docx files by unzipping them and checking the word/document.xml file for DOCTYPE declarations with external entity references can help identify malicious files. Commands to assist detection include: 1) Unzip and inspect .docx files: `unzip suspicious.docx -d extracted && grep -i '<!DOCTYPE' extracted/word/document.xml` 2) Monitor outbound HTTP requests from the application server using tools like tcpdump or Wireshark, e.g., `tcpdump -i eth0 host attacker-controlled-domain.com` or `tcpdump -i eth0 port 80 or port 443` to capture suspicious traffic. 3) Use application logs to detect unexpected external entity resolution or errors related to XML parsing. These approaches help identify exploitation attempts or presence of crafted malicious documents. [1, 3, 4]

Mitigation Strategies

Immediate mitigation involves disabling Document Type Definition (DTD) processing and external entity resolution in the XML parser configuration used by XDocReport. Specifically, configure the SAXParserFactory with the following features set: spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); spf.setFeature("http://xml.org/sax/features/external-general-entities", false); spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false); This prevents the parser from processing any DOCTYPE declarations or external entities, effectively mitigating XXE attacks. Additionally, update XDocReport to a patched version where this fix is applied (versions after 2.0.3) or apply the patch from the official repository (pull request #547). As a temporary measure, restrict file uploads to trusted users and scan uploaded .docx files for malicious content before processing. Monitoring and blocking outbound HTTP requests to unknown domains can also reduce risk. [1, 3, 4]

Compliance Impact

The vulnerability allows attackers to exfiltrate sensitive files, including Personally Identifiable Information (PII), from the affected systems by exploiting XML External Entity (XXE) injection. This data breach risk can lead to non-compliance with regulations such as GDPR and HIPAA, which mandate the protection of sensitive personal and health information. Exploitation may result in unauthorized disclosure of protected data, triggering breach notification requirements, reputational damage, and financial penalties under these standards. Therefore, CVE-2025-65482 poses a significant compliance risk if exploited. [1, 3, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65482. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart