CVE-2025-65482

9.8 CRITICAL

📋 TL;DR

opensagres XDocReport versions 0.9.2 through 2.0.3 parse the XML parts of a .docx without disabling external entity resolution. An attacker who can get a crafted .docx processed by the library triggers XML External Entity (XXE) processing; the reported impact is arbitrary code execution, and XXE in a Java parser also directly enables disclosure of files readable by the application process, server-side request forgery from the application host and entity-expansion denial of service. Any application that hands untrusted Word documents to a vulnerable XDocReport build is affected.

💻 Affected Systems

Products:
  • opensagres XDocReport
Versions: 0.9.2 to 2.0.3
Operating Systems: All (pure Java library; platform-independent)
Default Config Vulnerable: ⚠️ Yes
Notes: Any Java application that passes .docx files from untrusted sources to XDocReport is exposed, including applications that pick the library up as a transitive dependency. The flaw is in the library's XML parsing of document parts, which resolves external entities declared in a DOCTYPE.

📦 What is this software?

XDocReport is an open-source Java library (Maven group id fr.opensagres.xdocreport) that merges Word (.docx) and OpenDocument (.odt) templates with a Java data model, using Velocity or FreeMarker as the template engine, and can convert the result to PDF or XHTML. It is embedded in Java web applications and reporting services that generate documents from templates, often templates that users upload.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with full system compromise, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Disclosure of files readable by the application process (configuration, credentials, private keys) and server-side requests from the application host into internal networks, which the attacker then uses for credential theft and lateral movement; whether this escalates to full server compromise depends on what the exfiltrated material unlocks.

🟢

If Mitigated

Limited impact if the library is patched, or if every parser that handles uploaded documents refuses DOCTYPE declarations and external entities and the application host has no unrestricted outbound network access.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely by uploading malicious documents to vulnerable endpoints.
🏢 Internal Only: MEDIUM - Requires a path for attacker-supplied documents to reach the parser (a user uploading or opening a file, or an automated ingestion pipeline such as mail or batch processing).

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple proof-of-concept exploits are publicly available. Exploitation requires only that a crafted .docx be processed by a vulnerable endpoint; no authentication is needed wherever the upload itself is unauthenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.4 or later

Vendor Advisory: https://github.com/opensagres/xdocreport

Restart Required: Yes

Instructions:

1. Update every XDocReport artifact (Maven group id fr.opensagres.xdocreport) referenced in pom.xml or build.gradle to 2.0.4 or later, and check the resolved dependency tree so that no other library pins an older version transitively.
2. Rebuild and redeploy the application.
3. Restart the application server so the old jars are no longer loaded.

🔧 Temporary Workarounds

Disable XXE in XML parsers

Applies to: all

Configure every XML parser that touches uploaded documents to refuse DOCTYPE declarations and external entities

On JAXP (DocumentBuilderFactory, SAXParserFactory, XMLInputFactory) the relevant settings are:

  • XMLConstants.FEATURE_SECURE_PROCESSING = true
  • http://apache.org/xml/features/disallow-doctype-decl = true
  • http://xml.org/sax/features/external-general-entities = false
  • http://xml.org/sax/features/external-parameter-entities = false
  • http://apache.org/xml/features/nonvalidating/load-external-dtd = false

Caveat: features set on a factory in application code govern only the parsers the application constructs. They do not reach the parser XDocReport creates internally, so this does not by itself close the library flaw. For the JDK's built-in parser, the JAXP system properties javax.xml.accessExternalDTD and javax.xml.accessExternalSchema set to an empty string (for example -Djavax.xml.accessExternalDTD= on the JVM command line, or in $JAVA_HOME/conf/jaxp.properties on Java 9+, jre/lib/jaxp.properties on Java 8) block external DTD and entity fetches process-wide, including for library-constructed parsers that use the JDK implementation. A separate Xerces or other parser on the classpath may not honour those properties; verify with a test document before relying on it.
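The settings above applied to a JAXP DocumentBuilderFactory, as an added example written for this page (it is not code from the XDocReport project). It parses two constructed inputs, a benign document and a DOCTYPE-based XXE payload whose file target is arbitrary and is never opened, and shows the hardened parser rejecting the second. Run with `java HardenedXmlParser.java` on Java 11 or later.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

/** JAXP DocumentBuilderFactory configured with the five settings listed in the workaround above. */
public final class HardenedXmlParser {

    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refusing any DOCTYPE is the decisive control: XXE and entity-expansion (billion laughs)
        // payloads both need a DTD. The remaining features are defence in depth for parsers that
        // must keep DOCTYPE enabled.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    /** Parses untrusted XML with the hardened factory and returns the root element's text content. */
    static String parseUntrusted(String xml) throws Exception {
        DocumentBuilder builder = hardenedFactory().newDocumentBuilder();
        Document doc = builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return doc.getDocumentElement().getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a benign document and a classic XXE payload. The file target is
        // arbitrary; a hardened parser never opens it.
        String benign = "<?xml version=\"1.0\"?><document><body>hello</body></document>";
        String xxe = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE document [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>"
                + "<document><body>&xxe;</body></document>";

        System.out.println("benign: " + parseUntrusted(benign));
        try {
            String leaked = parseUntrusted(xxe);
            System.out.println("xxe: PARSED, parser is NOT hardened, content=" + leaked);
        } catch (SAXParseException e) {
            System.out.println("xxe: rejected by parser: " + e.getMessage());
        }
    }
}
```

This protects parsers your own upload-handling code constructs; it does not reconfigure the parser XDocReport creates internally, so treat it as a control for the application's own XML handling and not as a substitute for the 2.0.4 upgrade.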

Input validation for .docx files

Applies to: all

Gate uploaded .docx files before they reach XDocReport

Do not trust the Content-Type header or the file extension. Check that the upload is a zip container (it starts with the bytes PK\3\4) and contains [Content_Types].xml, cap the number of entries and the decompressed size of each, and reject any XML part (*.xml, *.rels) that contains a <!DOCTYPE or <!ENTITY declaration; legitimate OOXML never carries a DTD. Restrict the upload feature to authenticated, trusted users where the business allows. This is a pre-filter that catches the known payload shape, not a replacement for the patch.
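One way to implement that gate, as an added example written for this page and not code from the XDocReport project. It checks the zip signature and the presence of [Content_Types].xml, bounds entry count and decompressed part size (the limits are hypothetical), refuses UTF-16 parts that would defeat a byte-level text scan, and rejects any XML part carrying a DOCTYPE or ENTITY declaration. The `buildDocx` helper constructs a minimal .docx-shaped archive in memory so the gate can be exercised offline against a benign and an XXE-bearing document. Run with `java DocxUploadGate.java` on Java 11 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

/** Pre-parse gate for uploaded .docx files: container checks plus a DOCTYPE/ENTITY scan of every XML part. */
public final class DocxUploadGate {

    // Hypothetical limits; size them for the documents the application actually expects.
    private static final long MAX_PART_BYTES = 16L * 1024 * 1024;
    private static final int MAX_PARTS = 2000;

    /** Returns null when the upload passes, otherwise the reason it should be rejected. */
    static String inspect(byte[] upload) throws IOException {
        // A .docx is an OOXML zip; the first local file header starts with "PK\3\4".
        if (upload.length < 4 || upload[0] != 'P' || upload[1] != 'K' || upload[2] != 3 || upload[3] != 4) {
            return "not a zip container";
        }
        boolean sawContentTypes = false;
        int parts = 0;
        try (ZipInputStream zip = new ZipInputStream(new ByteArrayInputStream(upload))) {
            for (ZipEntry entry; (entry = zip.getNextEntry()) != null; ) {
                if (++parts > MAX_PARTS) return "too many zip entries";
                String name = entry.getName();
                if (name.contains("..") || name.startsWith("/")) return "zip entry escapes the archive root: " + name;
                if (name.equals("[Content_Types].xml")) sawContentTypes = true;
                String lower = name.toLowerCase(Locale.ROOT);
                if (!(lower.endsWith(".xml") || lower.endsWith(".rels"))) continue;

                byte[] part = readBounded(zip, MAX_PART_BYTES);
                if (part == null) return "XML part exceeds size limit: " + name;
                // OOXML parts are UTF-8 in practice; a UTF-16 BOM would defeat a byte-level text scan, so refuse it.
                if (part.length >= 2 && ((part[0] & 0xFF) == 0xFE && (part[1] & 0xFF) == 0xFF
                        || (part[0] & 0xFF) == 0xFF && (part[1] & 0xFF) == 0xFE)) {
                    return "non-UTF-8 XML part: " + name;
                }
                String text = new String(part, StandardCharsets.UTF_8);
                // XML keywords are case-sensitive, so an exact match suffices; no legitimate OOXML part carries a DTD.
                if (text.contains("<!DOCTYPE") || text.contains("<!ENTITY")) {
                    return "DOCTYPE/ENTITY declaration in " + name;
                }
            }
        }
        return sawContentTypes ? null : "missing [Content_Types].xml";
    }

    /** Reads the current zip entry fully, or returns null once it grows past limit (zip-bomb guard). */
    private static byte[] readBounded(InputStream in, long limit) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[8192];
        long total = 0;
        for (int n; (n = in.read(chunk)) != -1; ) {
            total += n;
            if (total > limit) return null;
            buf.write(chunk, 0, n);
        }
        return buf.toByteArray();
    }

    /** Builds a minimal constructed .docx-shaped zip in memory so the gate can be exercised offline. */
    static byte[] buildDocx(String documentXml) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ZipOutputStream zip = new ZipOutputStream(out)) {
            addEntry(zip, "[Content_Types].xml",
                    "<?xml version=\"1.0\"?><Types xmlns=\"http://schemas.openxmlformats.org/package/2006/content-types\"/>");
            addEntry(zip, "word/document.xml", documentXml);
        }
        return out.toByteArray();
    }

    private static void addEntry(ZipOutputStream zip, String name, String body) throws IOException {
        zip.putNextEntry(new ZipEntry(name));
        zip.write(body.getBytes(StandardCharsets.UTF_8));
        zip.closeEntry();
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: a benign document.xml and one carrying a DOCTYPE-based XXE payload.
        String ns = "http://schemas.openxmlformats.org/wordprocessingml/2006/main";
        String benign = "<?xml version=\"1.0\"?><w:document xmlns:w=\"" + ns + "\"><w:body><w:p><w:r><w:t>hello</w:t></w:r></w:p></w:body></w:document>";
        String xxe = "<?xml version=\"1.0\"?><!DOCTYPE w [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>"
                + "<w:document xmlns:w=\"" + ns + "\"><w:body><w:p><w:r><w:t>&xxe;</w:t></w:r></w:p></w:body></w:document>";
        System.out.println("benign: " + inspect(buildDocx(benign)));
        System.out.println("xxe:    " + inspect(buildDocx(xxe)));
        System.out.println("junk:   " + inspect("not a docx".getBytes(StandardCharsets.UTF_8)));
    }
}
```

Call `inspect` on the raw upload bytes before anything hands the file to XDocReport, and log the rejection reason: the reason string is itself a useful detection signal. The same `buildDocx` helper is a convenient way to produce the test document that the "Verify Fix Applied" step below asks for.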

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems
  • Deploy a web application firewall (WAF) with XXE rules, bearing in mind that a .docx is a zip archive: the DOCTYPE sits inside a compressed member, so a WAF that inspects only the raw HTTP body will not see it unless it unpacks OOXML uploads
  • Restrict outbound network access from the application host (egress allow-list), so that an exploited parser cannot reach attacker infrastructure or internal services

🔍 How to Verify

Check if Vulnerable:

Check application dependencies for XDocReport versions 0.9.2 through 2.0.3. Review build files (pom.xml, build.gradle) and deployed libraries.

Check Version:

For Maven: mvn dependency:tree -Dincludes=fr.opensagres.xdocreport (the group id shared by every XDocReport artifact; a plain grep -i xdocreport over the full tree also works). For Gradle: gradle dependencies | grep -i xdocreport. For a deployed application, check what is actually on the classpath rather than what the build file says: find / -name 'fr.opensagres.xdocreport*.jar' 2>/dev/null, then read the version from the Maven metadata most jars carry with unzip -p <jar> 'META-INF/maven/*/pom.properties' | grep '^version=' (the jar filename normally carries the version as well). Check every XDocReport module present, not only the one your build names directly.

Verify Fix Applied:

Verify that the XDocReport jars on the deployed classpath are 2.0.4 or later, not only the version declared in the build file. Then exercise the fix: submit a test .docx whose word/document.xml begins with a DOCTYPE declaring an external entity that points at a local file you control or at an HTTP listener you control, and confirm that the document is rejected or, if it is processed, that the output contains no file content and the listener receives no request.

📡 Detection & Monitoring

Log Indicators:

  • .docx uploads to endpoints that feed XDocReport; XML parsing errors logged during document processing, in particular messages mentioning DOCTYPE or entities; outbound connections from application servers to hosts they do not normally contact. A file-disclosure XXE whose result is rendered into the output produces no parse error, so error-based indicators alone miss quiet exploitation.

Network Indicators:

  • HTTP requests carrying .docx uploads to endpoints that feed XDocReport; DNS lookups or outbound HTTP/FTP connections initiated by the application server shortly after such an upload, especially to destinations outside the server's normal egress allow-list.

SIEM Query:

source="application.logs" AND ("xdocreport" OR ".docx") AND (status="500" OR "DOCTYPE" OR "entity" OR "XML parsing error")

The field names and source are placeholders for the application's own log schema. Pair the query with an egress rule that flags outbound connections from the application host to unfamiliar destinations within a few minutes of a .docx upload, since that is the indicator a quiet exfiltration leaves behind.
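The correlation just described, as an added example written for this page rather than a query from any SIEM product. It parses constructed log lines in a made-up normalised format (`<ISO-8601 time> <app host> <KIND> <detail>`, where KIND is UPLOAD, XML_ERROR or OUTBOUND) and raises an alert when a .docx upload on a host is followed within a two-minute window by an XML parse error or by an outbound connection to a destination outside a hypothetical egress allow-list. Run with `java XxeUploadCorrelator.java` on Java 17 or later.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

/** Correlates .docx uploads with follow-on XXE indicators from the same application host. */
public final class XxeUploadCorrelator {

    /** One normalised event. Constructed format: "<ISO-8601 time> <app host> <KIND> <detail>". */
    record Event(Instant at, String host, String kind, String detail) {}

    static final Duration WINDOW = Duration.ofSeconds(120); // hypothetical correlation window

    static List<Event> parse(List<String> lines) {
        List<Event> events = new ArrayList<>();
        for (String line : lines) {
            String[] f = line.trim().split(" ", 4);
            if (f.length < 4) continue; // skip malformed lines rather than failing the whole batch
            events.add(new Event(Instant.parse(f[0]), f[1], f[2], f[3]));
        }
        return events;
    }

    /**
     * An UPLOAD of a .docx followed within WINDOW, on the same host, by either an XML_ERROR or an
     * OUTBOUND connection to a destination outside the egress allow-list raises an alert. The
     * outbound rule matters most: an XXE that quietly exfiltrates a file produces no parse error.
     */
    static List<String> alerts(List<Event> events, Set<String> allowedEgress) {
        List<String> alerts = new ArrayList<>();
        for (Event up : events) {
            if (!up.kind().equals("UPLOAD") || !up.detail().toLowerCase(Locale.ROOT).contains(".docx")) continue;
            Instant deadline = up.at().plus(WINDOW);
            for (Event e : events) {
                if (!e.host().equals(up.host()) || e.at().isBefore(up.at()) || e.at().isAfter(deadline)) continue;
                long lag = Duration.between(up.at(), e.at()).toSeconds();
                if (e.kind().equals("XML_ERROR")) {
                    alerts.add(up.host() + ": XML error " + lag + "s after .docx upload [" + up.detail() + "] -> " + e.detail());
                } else if (e.kind().equals("OUTBOUND") && !allowedEgress.contains(destinationOf(e.detail()))) {
                    alerts.add(up.host() + ": unexpected egress to " + destinationOf(e.detail()) + " " + lag
                            + "s after .docx upload [" + up.detail() + "]");
                }
            }
        }
        return alerts;
    }

    /** OUTBOUND detail is "dst=<host-or-ip>:<port> ..."; returns the host-or-ip part, or "" if absent. */
    static String destinationOf(String detail) {
        for (String token : detail.split(" ")) {
            if (token.startsWith("dst=")) {
                String hostPort = token.substring(4);
                int colon = hostPort.lastIndexOf(':');
                return colon > 0 ? hostPort.substring(0, colon) : hostPort;
            }
        }
        return "";
    }

    public static void main(String[] args) {
        // Constructed sample lines; not real telemetry. app-01 shows both indicators, app-02 is benign.
        List<String> lines = List.of(
            "2025-01-15T10:00:00Z app-01 UPLOAD client=198.51.100.7 file=quarterly.docx endpoint=/reports/render",
            "2025-01-15T10:00:02Z app-01 OUTBOUND dst=db.internal.example:5432 proto=tcp",
            "2025-01-15T10:00:04Z app-01 OUTBOUND dst=203.0.113.9:80 proto=tcp",
            "2025-01-15T10:00:05Z app-01 XML_ERROR DOCTYPE is disallowed when the feature disallow-doctype-decl set to true",
            "2025-01-15T10:30:00Z app-02 UPLOAD client=198.51.100.8 file=notes.docx endpoint=/reports/render",
            "2025-01-15T10:30:01Z app-02 OUTBOUND dst=db.internal.example:5432 proto=tcp"
        );
        Set<String> allowedEgress = Set.of("db.internal.example", "smtp.internal.example");
        for (String alert : alerts(parse(lines), allowedEgress)) System.out.println(alert);
    }
}
```

The nested loop is fine for a batch of recent events; for a live pipeline, key events by host and keep a sliding window of recent uploads instead. Tune the window and the egress allow-list to the application's real behaviour, otherwise routine database or mail traffic will drown the signal.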
