CVE-2025-65482 in XDocReport
Summary
by MITRE • 01/20/2026
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 01/20/2026
The vulnerability CVE-2025-65482 represents a critical XML External Entity processing flaw within the opensagres XDocReport library version range 0.9.2 through 2.0.3. This issue arises from insufficient input validation when processing Microsoft Word .docx files, which are essentially ZIP archives containing XML documents. When the library processes a maliciously crafted .docx file, it fails to properly sanitize XML entities, creating an attack surface that can be exploited by malicious actors to execute arbitrary code on the affected system. The vulnerability specifically targets the library's handling of XML content within the document structure, particularly in the way it parses and processes external entity references during document rendering or conversion operations.
The technical implementation of this XXE vulnerability stems from the library's reliance on XML parsers that do not adequately restrict external entity resolution during document processing. Attackers can craft a .docx file containing malicious XML entities that reference external resources, either local files or remote servers. When the vulnerable library processes this file, it attempts to resolve these external entities, potentially leading to information disclosure, denial of service, or remote code execution depending on the target environment. The flaw manifests when the library's XML processing components fail to disable external entity resolution, allowing attackers to leverage this feature for unauthorized access. This vulnerability aligns with CWE-611, which specifically addresses improper restriction of XML external entity reference processing, and represents a classic example of how XML parsing libraries can become attack vectors when not properly configured.
The operational impact of CVE-2025-65482 extends beyond simple code execution, as it can compromise entire document processing pipelines within applications that utilize the affected XDocReport library. Systems that accept user-uploaded .docx files for processing, such as document management systems, content management platforms, or automated report generation services, become vulnerable to this attack vector. Attackers can leverage this vulnerability to access sensitive system information, potentially escalate privileges, or establish persistent access through remote code execution capabilities. The vulnerability is particularly dangerous in environments where automated processing occurs without proper input validation, as it can be exploited through simple file upload mechanisms. According to ATT&CK framework, this vulnerability maps to T1059.007 for remote code execution and T1566 for initial access through malicious file uploads, making it a significant threat to enterprise security infrastructure.
Mitigation strategies for CVE-2025-65482 require immediate remediation through library version updates to versions that properly address XML external entity processing. Organizations should implement strict input validation and sanitization measures for all .docx file uploads, including disabling external entity resolution in XML parsers used by the library. Security configurations should enforce restrictions on XML processing parameters and disable features that allow external entity references. Additionally, network-level controls such as firewalls and intrusion detection systems can help detect and block malicious XML entity references attempting to access external resources. The implementation of proper access controls and least privilege principles for document processing services reduces the potential impact of successful exploitation. Organizations should also conduct comprehensive vulnerability assessments to identify all systems utilizing the affected library versions and ensure proper patching procedures are followed. Regular security monitoring and log analysis should be implemented to detect potential exploitation attempts, while application-level security testing should include XML injection vulnerability assessments to prevent similar issues in other components.