{"id":"CVE-2025-65482","details":"An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.","aliases":["GHSA-7jc7-g598-2p64"],"modified":"2026-04-02T13:00:33.852796Z","published":"2026-01-20T16:16:06.387Z","references":[{"type":"REPORT","url":"https://drive.google.com/drive/folders/1hUyCznpBN7ivo5krmyJ4OQc_q626Hy5q?usp=sharing"},{"type":"REPORT","url":"https://hackmd.io/@cuongnh/r1B7B8fJ-g"},{"type":"REPORT","url":"https://hackmd.io/@cuongnh/rkJPCgSy-l"},{"type":"PACKAGE","url":"https://github.com/AT190510-Cuong/CVE-2025-65482-XXE-"},{"type":"PACKAGE","url":"https://github.com/opensagres/xdocreport"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensagres/xdocreport","events":[{"introduced":"0"},{"last_affected":"94036573e7e6ae68fb5c5596e4d873c72c22147b"}],"database_specific":{"versions":[{"introduced":"0.9.2"},{"last_affected":"2.0.3"}]}}],"versions":["xdocreport-parent-1.0.5","xdocreport-parent-1.0.6","xdocreport-parent-2.0.0","xdocreport-parent-2.0.1","xdocreport-parent-2.0.2","xdocreport-parent-2.0.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65482.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}