{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T02:31:05.829","vulnerabilities":[{"cve":{"id":"CVE-2025-69516","sourceIdentifier":"cve@mitre.org","published":"2026-01-29T20:16:09.537","lastModified":"2026-02-13T20:33:25.163","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the server. This occurs due to improper sanitization of the template_md parameter, enabling direct injection of Jinja2 templates. This occurs due to misuse of the generate_html() function, the user-controlled value is inserted into `env.from_string`, a function that processes Jinja2 templates arbitrarily, making an SSTI possible."},{"lang":"es","value":"Una vulnerabilidad de inyección de plantilla del lado del servidor (SSTI) en el endpoint /reporting/templates/preview/ de Amidaware Tactical RMM, que afecta a versiones iguales o anteriores a v1.3.1, permite a usuarios con pocos privilegios con permisos de Visor de Informes o Gestor de Informes lograr la ejecución remota de comandos en el servidor. Esto ocurre debido a una sanitización inadecuada del parámetro template_md, lo que permite la inyección directa de plantillas Jinja2. Esto ocurre debido al uso indebido de la función generate_html(), el valor controlado por el usuario se inserta en 'env.from_string', una función que procesa plantillas Jinja2 de forma arbitraria, lo que hace posible una SSTI."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1336"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:amidaware:tactical_rmm:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.0","matchCriteriaId":"49791A23-05AD-4207-BB4A-74A5AEA57888"}]}]}],"references":[{"url":"https://gist.github.com/NtGabrielGomes/7c424367cc316fd7527f668ff076fece","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/amidaware/tacticalrmm","source":"cve@mitre.org","tags":["Product"]},{"url":"https://www.amidaware.com/","source":"cve@mitre.org","tags":["Product"]}]}}]}