MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-69516

🔴 HIGH

A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged...

Published
Jan 29, 2026
Last Modified
Feb 04, 2026
Views
7
Bookmarks
0

Description

Request Expert Review

A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the server. This occurs due to improper sanitization of the template_md parameter, enabling direct injection of Jinja2 templates. This occurs due to misuse of the generate_html() function, the user-controlled value is inserted into `env.from_string`, a function that processes Jinja2 templates arbitrarily, making an SSTI possible.

CVSS Scores

CVSS 3.1 8.8
8.8
HIGH
CVSS 2.0 8.8

References

gist.github.com github.com www.amidaware.com

Additional Information

Source
cve@mitre.org
State
Awaiting analysis

Related CVEs

CVE-2026-2135

MEDIUM

A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Perfo...

Score: 6.3

CVE-2026-2134

MEDIUM

A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/...

Score: 4.7

CVE-2026-2133

HIGH

A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCateg...

Score: 7.3

CVE-2026-2132

HIGH

A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/...

Score: 7.3

CVE-2026-2131

MEDIUM

A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the...

Score: 6.3

CVE-2026-2130

MEDIUM

A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search...

Score: 6.3

Share CVE-2025-69516

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-69516 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis