CVE-2025-23211
CVSS 3.1 Score 9.9 of 10 (high)
Details
Published Jan 28, 2025
CWE ID 1336
Summary
CVE-2025-23211 is a serious vulnerability affecting the Tandoor Recipes application. This application, used for managing recipes, planning meals, and building shopping lists, contains a Jinja2 server-side template injection (SSTI) flaw. This issue enables any user to execute commands on the server, potentially leading to unauthorized access or system compromise. With the provided Docker Compose file, those commands run as the root user. The latest version of Tandoor Recipes, 1.5.24, includes a fix for this issue.
Affected Vendors
- Tandoor