CVE-2025-59945
SysReptor · SysReptor Multiple Products
Executive summary
A high-severity vulnerability has been identified in multiple SysReptor products, a platform used for managing sensitive penetration test reports. An attacker could exploit this flaw to execute arbitrary code on the server, potentially leading to a complete system compromise. Successful exploitation would grant access to highly confidential client data, internal vulnerability findings, and other critical security information stored within the platform.
Vulnerability
The vulnerability is a remote code execution (RCE) flaw within the report generation engine of the SysReptor platform. Due to insufficient input sanitization of user-supplied data in report templates, an authenticated attacker with low-level privileges can craft a malicious template or finding. When the server processes this malicious input to render a report (e.g., PDF or HTML), it executes code embedded within the template, granting the attacker command execution capabilities in the security context of the SysReptor application process on the underlying server.
Business impact
This vulnerability is rated as High severity with a CVSS score of 8.1. A successful exploit could have a catastrophic business impact due to the nature of the data managed by SysReptor. An attacker could exfiltrate, modify, or delete all penetration testing reports, exposing severe vulnerabilities in the organization and its clients before they are remediated. This could lead to significant reputational damage, loss of client trust, breach of confidentiality agreements, and potential regulatory penalties. Furthermore, by gaining a foothold on the server, an attacker could use it as a pivot point to launch further attacks against the internal network.
Remediation
Immediate Action: Organizations must apply the security updates provided by the vendor immediately, prioritizing internet-facing instances. After patching, it is critical to review access and application logs for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: Security teams should actively monitor for indicators of compromise, including:
- Unusual processes being spawned by the SysReptor service account on the host server (e.g., shell commands, network utilities).
- Anomalous outbound network connections from the SysReptor server to unknown IP addresses or ports.
- Suspicious requests to report generation endpoints in web server and application logs, especially those containing template syntax or encoded payloads.
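One way to check for the first indicator, as an added example that is not SysReptor or vendor code: it walks each process's ancestry so that a shell or network utility started indirectly (for example by a rendering helper) is still attributed to the application. The service account name `sysreptor`, the server process name `gunicorn`, the `render-worker` helper and the JSON event format are assumptions; map them to whatever your EDR or audit pipeline exports.

```python
import json
from pathlib import PurePosixPath

SERVICE_USER = "sysreptor"   # assumption: account the application runs as
APP_EXES = {"gunicorn"}      # assumption: name of the application server process
SUSPICIOUS = {"sh", "bash", "dash", "curl", "wget", "nc", "ncat", "socat", "ssh"}

# Constructed sample events (not real telemetry), oldest first.
# "render-worker" is a hypothetical helper process name.
SAMPLE_EVENTS = """\
{"pid": 100, "ppid": 1, "user": "sysreptor", "exe": "/usr/local/bin/gunicorn"}
{"pid": 101, "ppid": 100, "user": "sysreptor", "exe": "/opt/app/render-worker"}
{"pid": 200, "ppid": 101, "user": "sysreptor", "exe": "/bin/sh"}
{"pid": 201, "ppid": 200, "user": "sysreptor", "exe": "/usr/bin/curl"}
{"pid": 300, "ppid": 1, "user": "admin", "exe": "/bin/bash"}
{"pid": 40, "ppid": 1, "user": "root", "exe": "/usr/sbin/cron"}
{"pid": 301, "ppid": 40, "user": "sysreptor", "exe": "/bin/bash"}
""".splitlines()


def exe_name(event):
    return PurePosixPath(event["exe"]).name


def ancestry(procs, pid):
    """Return executable names of the ancestors of pid, nearest first."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:   # 'seen' guards against PID loops
        seen.add(pid)
        chain.append(exe_name(procs[pid]))
        pid = procs[pid]["ppid"]
    return chain


def find_suspicious_children(lines):
    procs, alerts = {}, []
    for line in lines:
        ev = json.loads(line)
        procs[ev["pid"]] = ev
        if ev["user"] != SERVICE_USER or exe_name(ev) not in SUSPICIOUS:
            continue
        chain = ancestry(procs, ev["ppid"])
        # Alert only when the application server is somewhere up the tree;
        # a cron-started maintenance shell under the same account is not flagged.
        if APP_EXES & set(chain):
            alerts.append({"pid": ev["pid"], "exe": ev["exe"], "ancestors": chain})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_children(SAMPLE_EVENTS):
        print(alert)
```

Events must be fed in start-time order so that a parent is known before its children are evaluated.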
Compensating Controls: If immediate patching is not feasible, the following compensating controls can reduce risk:
- Implement a Web Application Firewall (WAF) with rules designed to detect and block common template injection and command injection payloads.
- Restrict network access to the SysReptor application, limiting it to trusted IP addresses and internal users only.
- Enhance endpoint monitoring on the host server to detect and alert on suspicious process execution from the application.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability presents a critical risk and must be addressed with the highest priority. Due to the high CVSS score of 8.1 and the extremely sensitive nature of the data stored in SysReptor, a compromise could have severe consequences. We strongly recommend that all affected SysReptor instances be patched immediately, beginning with those exposed to the internet. While this CVE is not currently listed in the CISA KEV catalog, its severity makes it a prime candidate for future inclusion. Organizations should implement proactive monitoring for indicators of compromise and apply compensating controls where patching is delayed.