CVE-2025-69516HIGH 8.8EPSS p79.3%

CVE-2025-69516CVE-2025-69516

Description

A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the server. This occurs due to improper sanitization of the template_md parameter, enabling direct injection of Jinja2 templates. This occurs due to misuse of the generate_html() function, the user-controlled value is inserted into `env.from_string`, a function that processes Jinja2 templates arbitrarily, making an SSTI possible.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS2.10% probability of exploitation · percentile 79.3% · 2026-06-18T12:00:27Z
Published2026-01-29
Last modified2026-02-13

Underlying weaknesses· 1

CWE-1336

References

  1. https://gist.github.com/NtGabrielGomes/7c424367cc316fd7527f668ff076fece
  2. https://github.com/amidaware/tacticalrmm
  3. https://www.amidaware.com/

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements Used in a Template Enginecwe-13360%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-69517
CVE
CVE-2025-65271
CVE
CVE-2025-67843
CVE
CVE-2025-30911
CVE
CVE-2025-54815
CVE
CVE-2025-64087
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.