CVE-2025-69516: n/a
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the server. The flaw stems from improper sanitization of the template_md parameter, which enables direct injection of Jinja2 templates. Because the generate_html() function is misused, the user-controlled value is inserted into `env.from_string`, a function that processes Jinja2 templates arbitrarily, making an SSTI possible.
AI Analysis
Technical Summary
CVE-2025-69516 is a critical Server-Side Template Injection vulnerability found in Amidaware Tactical RMM, specifically in the /reporting/templates/preview/ endpoint. The vulnerability affects all versions up to and including v1.3.1. It stems from the improper handling of the user-supplied template_md parameter, which is passed directly to the Jinja2 templating engine's env.from_string function via the generate_html() method. Because env.from_string processes templates without restrictions, an attacker with Report Viewer or Report Manager permissions—roles typically assigned to low-privileged users—can inject arbitrary Jinja2 template expressions. This injection can lead to remote code execution on the server hosting the Tactical RMM instance. The vulnerability is severe because it does not require high privileges or user interaction beyond having report access, and it allows attackers to execute commands with the server's privileges. No patches or official fixes are currently linked, and no public exploits have been reported. The lack of a CVSS score necessitates an independent severity assessment. The vulnerability's exploitation could compromise the confidentiality, integrity, and availability of the affected systems, potentially allowing attackers to pivot within networks managed by Tactical RMM.
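The pattern described above, next to a sandboxed variant, as an added example (not Tactical RMM's code and not the vendor's fix). The function names, the `client` variable and the probe template are constructed for illustration; `SandboxedEnvironment` is Jinja2's own restricted environment.

```python
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed inputs: a normal report snippet and a harmless probe that
# reaches from a template variable into Python object internals.
BENIGN = "# Report for {{ client }}"
PROBE = "{{ client.__class__.__name__ }}"


def preview_unrestricted(template_md, variables):
    """Hypothetical stand-in for the flawed path: user text compiled by a
    plain Environment, so any attribute chain in the template is followed."""
    return Environment().from_string(template_md).render(**variables)


def preview_sandboxed(template_md, variables):
    """Same call shape, but the sandbox refuses underscore-prefixed and
    internal attributes. Returns (ok, text)."""
    env = SandboxedEnvironment(autoescape=True)
    try:
        return True, env.from_string(template_md).render(**variables)
    except SecurityError as exc:
        return False, f"template rejected: {exc}"


if __name__ == "__main__":
    ctx = {"client": "Acme"}
    print(preview_unrestricted(PROBE, ctx))  # object internals are reachable
    print(preview_sandboxed(BENIGN, ctx))    # ordinary template still renders
    print(preview_sandboxed(PROBE, ctx))     # refused by the sandbox
```

A sandbox narrows what a template can reach; objects placed in the render context still need review, since their public attributes and methods remain callable from the template.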
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those relying on Amidaware Tactical RMM for remote monitoring and management of IT infrastructure. Successful exploitation could lead to full server compromise, enabling attackers to execute arbitrary commands, access sensitive data, manipulate monitoring data, or disrupt IT operations. This could affect critical sectors such as finance, healthcare, manufacturing, and government agencies that depend on Tactical RMM for operational continuity. The ability for low-privileged users to escalate to remote code execution increases the threat surface, particularly in environments with many users assigned report access. Additionally, compromised RMM servers could serve as launchpads for lateral movement within corporate networks, amplifying the impact. The absence of known exploits currently reduces immediate risk but does not diminish the urgency for mitigation, as proof-of-concept exploits could emerge rapidly.
Mitigation Recommendations
Organizations should immediately audit user permissions to ensure that only trusted personnel have Report Viewer or Report Manager roles. Implement strict access controls and monitor usage of the /reporting/templates/preview/ endpoint for anomalous activity. Since no official patches are currently available, consider applying temporary mitigations such as disabling the vulnerable reporting feature or restricting access to the endpoint via network controls or web application firewalls (WAFs) with custom rules to detect and block suspicious template injection patterns. Review and sanitize all user inputs related to template rendering, and if possible, upgrade to a newer version of Amidaware Tactical RMM once a patch is released. Employ runtime application self-protection (RASP) tools to detect and prevent exploitation attempts. Regularly monitor vendor advisories for updates and apply security best practices for Jinja2 template handling in custom integrations.
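One way to triage requests to the preview endpoint, as an added example rather than vendor tooling. The JSON-lines audit format, its field names and the sample records are constructed assumptions; because legitimate report templates contain Jinja2, the check flags only template blocks that reach for underscore-prefixed names or use the `attr` filter.

```python
import json
import re

ENDPOINT = "/reporting/templates/preview/"
# Jinja2 expression and statement blocks: {{ ... }} and {% ... %}
BLOCK = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)
# Indicators that a block reaches for Python internals rather than report data.
INDICATORS = {
    "underscore attribute": re.compile(r"\.\s*_\w+"),
    "underscore item": re.compile(r"\[\s*['\"]_\w+"),
    "attr filter": re.compile(r"\|\s*attr\s*\("),
}

def suspicious_blocks(template_md):
    """Return (indicator, block) pairs for every template block that matches."""
    return [(name, block)
            for block in BLOCK.findall(template_md)
            for name, rx in INDICATORS.items() if rx.search(block)]

def triage(log_lines):
    """Scan JSON-lines audit records and alert on preview requests only."""
    alerts = []
    for line in log_lines:
        rec = json.loads(line)
        if rec.get("path") != ENDPOINT:
            continue
        hits = suspicious_blocks((rec.get("body") or {}).get("template_md", ""))
        if hits:
            alerts.append({"ts": rec.get("ts"), "user": rec.get("user"),
                           "reasons": sorted({name for name, _ in hits})})
    return alerts

def _rec(ts, user, path, template_md):
    return json.dumps({"ts": ts, "user": user, "path": path,
                       "body": {"template_md": template_md}})

# Constructed sample records (assumed audit format, not real Tactical RMM logs).
SAMPLE_LOG = [
    _rec("2026-01-30T09:00:01Z", "manager01", ENDPOINT,
         "# Agents\n{% for a in agents %}- {{ a.hostname }}\n{% endfor %}"),
    _rec("2026-01-30T09:02:17Z", "viewer01", ENDPOINT,
         "{{ report.__class__ }} and {{ report|attr('_meta') }}"),
    _rec("2026-01-30T09:03:40Z", "viewer01", "/some/other/path/",
         "{{ report.__class__ }}"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```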
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-01-09T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 697bbbbbac06320222b23da0
Added to database: 1/29/2026, 7:57:47 PM
Last enriched: 1/29/2026, 8:12:14 PM
Last updated: 2/6/2026, 2:21:58 PM