CVE-2025-65482 is an XML External Entity (XXE) vulnerability affecting opensagres XDocReport versions 0.9.2 to 2.0.3. XDocReport is a Java library used to generate reports by merging data into document templates, commonly .docx files. The vulnerability stems from insecure XML parsing that allows an attacker to embed malicious external entities within a crafted .docx file. When such a file is processed by a vulnerable XDocReport instance, the XML parser resolves these external entities, which can lead to arbitrary code execution on the host system. This occurs because the XML parser does not properly restrict access to external resources or disable entity expansion, a common vector for XXE attacks. Exploitation requires an attacker to upload or otherwise supply a malicious .docx file to the application using XDocReport, which then processes the file without sufficient validation or secure XML parsing configurations. Although no public exploits have been reported yet, the vulnerability's nature allows for remote code execution, potentially leading to full system compromise. The lack of a CVSS score indicates that the vulnerability is newly disclosed, and no official severity rating has been assigned. The vulnerability affects a wide range of versions, indicating a long-standing issue in the library. Organizations using XDocReport in document processing workflows, especially those accepting user-generated documents, are at risk. The vulnerability highlights the importance of secure XML parsing practices and input validation in document processing libraries.

For European organizations, the impact of CVE-2025-65482 can be significant. Exploitation allows attackers to execute arbitrary code remotely, potentially leading to full system compromise, data theft, or disruption of services. Organizations relying on XDocReport for automated document generation or processing, particularly in sectors such as government, finance, legal, and healthcare, face risks to confidentiality, integrity, and availability of sensitive information. The ability to upload malicious .docx files may enable attackers to bypass perimeter defenses by exploiting trusted internal applications. This can result in lateral movement within networks, data exfiltration, or deployment of ransomware. The lack of known exploits in the wild currently limits immediate risk, but the vulnerability's severity and ease of exploitation once a crafted document is accepted make it a high-priority issue. European organizations with public-facing document upload features or those integrating XDocReport into web applications are especially vulnerable. The impact is exacerbated in environments where patching is slow or where legacy versions of XDocReport remain in use.

To mitigate CVE-2025-65482, organizations should prioritize upgrading to a patched version of opensagres XDocReport once available. In the absence of an official patch, immediate steps include disabling XML external entity processing in the XML parser configurations used by XDocReport. This can be achieved by setting secure parser features such as 'http://apache.org/xml/features/disallow-doctype-decl' to true and disabling external entity resolution. Additionally, implement strict input validation and sanitization on all uploaded .docx files to detect and block potentially malicious content. Employ file integrity checks and sandbox document processing workflows to limit the impact of any successful exploit. Network segmentation and application-layer firewalls can help contain exploitation attempts. Monitoring for unusual application behavior or unexpected process executions related to document processing is recommended. Finally, educate developers and administrators about secure XML parsing practices and the risks of XXE vulnerabilities to prevent similar issues in future development.