Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-69516
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-29 Jan, 2026 | 20:16
Updated At-13 Feb, 2026 | 20:33

A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the server. This occurs due to improper sanitization of the template_md parameter, enabling direct injection of Jinja2 templates. This occurs due to misuse of the generate_html() function, the user-controlled value is inserted into `env.from_string`, a function that processes Jinja2 templates arbitrarily, making an SSTI possible.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
amidaware
amidaware
>>tactical_rmm>>Versions before 1.4.0(exclusive)
cpe:2.3:a:amidaware:tactical_rmm:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1336Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-1336
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/NtGabrielGomes/7c424367cc316fd7527f668ff076fececve@mitre.org
Third Party Advisory
https://github.com/amidaware/tacticalrmmcve@mitre.org
Product
https://www.amidaware.com/cve@mitre.org
Product
Hyperlink: https://gist.github.com/NtGabrielGomes/7c424367cc316fd7527f668ff076fece
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/amidaware/tacticalrmm
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://www.amidaware.com/
Source: cve@mitre.org
Resource:
Product
Change History
0Changes found
Details not found