CVE-2025-69516

Source
https://cve.org/CVERecord?id=CVE-2025-69516
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69516.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-69516
Published
2026-01-29T20:16:09.537Z
Modified
2026-03-13T03:50:22.406855Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, in versions up to and including v1.3.1, allows low-privileged users holding the Report Viewer or Report Manager permission to achieve remote command execution on the server. The templatemd request parameter is not sanitized, so a caller can inject Jinja2 template syntax directly. The root cause is in the generatehtml() function, which passes the user-controlled value to env.from_string(), a Jinja2 API that compiles and executes whatever template source it is given. User input is therefore run as template code instead of being treated as data, and any authenticated account with report-preview rights can reach the Python runtime of the server process.
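
The pattern the advisory describes, shown as an added example that is not Tactical RMM's code: a preview function that compiles the request parameter as the template source, a sandboxed variant that is often mistaken for a fix, and a corrected version that renders the user's text as a variable of a fixed server-owned template. The function names, the `_PREVIEW_TEMPLATE` string and the `PROBE` request body are constructed for illustration; the code needs only the `jinja2` package.

```python
"""
Added example (not Tactical RMM's code): rendering a user-controlled string
*as* a Jinja2 template versus rendering it *through* a fixed template as data.
Requires the `jinja2` package.
"""
from jinja2 import Environment
from jinja2.sandbox import SandboxedEnvironment

# Constructed request body standing in for the `templatemd` parameter.
# `{{ 7 * 7 }}` is the classic non-destructive SSTI probe: if the response
# contains 49, the server evaluated our text as template code.
PROBE = "# Weekly report\n\n{{ 7 * 7 }}"


def vulnerable_preview(templatemd: str) -> str:
    """Mirrors the flawed pattern in the advisory: the request parameter is
    the template *source*, so Jinja2 syntax in it executes server-side with
    access to everything the environment exposes."""
    env = Environment()
    return env.from_string(templatemd).render()


def sandboxed_preview(templatemd: str) -> str:
    """Still wrong. SandboxedEnvironment blocks attribute access to unsafe
    objects but still evaluates expressions, so the probe succeeds and an
    attacker keeps a foothold from which to hunt for sandbox escapes."""
    env = SandboxedEnvironment()
    return env.from_string(templatemd).render()


# One fixed, developer-authored template; the user's text is only a variable.
_PREVIEW_TEMPLATE = "<article>{{ body }}</article>"


def safe_preview(templatemd: str) -> str:
    """User input is passed as data to a server-owned template, so any
    `{{ ... }}` inside it is plain text. Autoescaping also neutralises HTML."""
    env = Environment(autoescape=True)
    return env.from_string(_PREVIEW_TEMPLATE).render(body=templatemd)


def is_template_evaluated(render, canary_a: int = 1337, canary_b: int = 3) -> bool:
    """Black-box SSTI check for a preview endpoint: submit an arithmetic probe
    and look for its product in the response. Returns True when the renderer
    evaluates user-supplied template syntax. Uses two canaries so the expected
    value (4011) is unlikely to appear in the page by coincidence."""
    payload = f"{{{{ {canary_a} * {canary_b} }}}}"
    expected = str(canary_a * canary_b)
    out = render(payload)
    return expected in out and payload not in out


if __name__ == "__main__":
    for name, fn in [("vulnerable", vulnerable_preview),
                     ("sandboxed", sandboxed_preview),
                     ("safe", safe_preview)]:
        print(f"{name:10s} evaluated={is_template_evaluated(fn)} "
              f"output={fn(PROBE)!r}")
```

The check in `is_template_evaluated` is what a tester would run against the preview endpoint before trying anything heavier; the arithmetic probe is sufficient to confirm the class of bug and does not execute commands. Note that swapping in `SandboxedEnvironment` alone does not close the issue: the fix is to stop compiling request data as template source at all.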

References

Affected packages

Git / github.com/amidaware/tacticalrmm

Affected ranges

Type
GIT
Repo
https://github.com/amidaware/tacticalrmm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
No fixed commit recorded (the database-specific data below lists the fix as version 1.4.0)
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.0"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.1
v0.11.2
v0.11.3
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.13.4
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.14.4
v0.14.5
v0.14.6
v0.14.7
v0.14.8
v0.15.0
v0.15.1
v0.15.10
v0.15.11
v0.15.12
v0.15.2
v0.15.3
v0.15.4
v0.15.5
v0.15.6
v0.15.7
v0.15.8
v0.15.9
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.16.5
v0.17.0
v0.17.1
v0.17.2
v0.17.3
v0.17.4
v0.17.5
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.19.2
v0.19.3
v0.19.4
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.14
v0.2.15
v0.2.16
v0.2.17
v0.2.18
v0.2.19
v0.2.2
v0.2.20
v0.2.21
v0.2.22
v0.2.23
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.20.0
v0.20.1
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.0
v0.4.1
v0.4.10
v0.4.11
v0.4.12
v0.4.13
v0.4.14
v0.4.15
v0.4.16
v0.4.17
v0.4.18
v0.4.19
v0.4.2
v0.4.20
v0.4.21
v0.4.22
v0.4.23
v0.4.24
v0.4.25
v0.4.26
v0.4.27
v0.4.28
v0.4.29
v0.4.3
v0.4.30
v0.4.31
v0.4.32
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.6.0
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.15
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v0.7.0
v0.7.1
v0.7.2
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.9.0
v0.9.1
v0.9.2
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.3.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69516.json"