CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
CVE-2025-10380 (GCVE-0-2025-10380)
Vulnerability from cvelistv5 – Published: 2025-09-23 03:34 – Updated: 2026-04-08 16:52
VLAI
Title
Advanced Views – Display Posts, Custom Fields, and More <= 3.7.19 - Authenticated (Author+) Remote Code Execution via SSTI
Summary
The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. This is due to insufficient input sanitization and lack of access control when processing custom Twig templates in the Model panel. This makes it possible for authenticated attackers, with author-level access or higher, to execute arbitrary PHP code and commands on the server.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| wplakeorg | Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver… |
Affected:
0 , ≤ 3.7.19
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T14:04:15.263176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T14:04:23.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Advanced Views \u2013 Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver\u2026",
"vendor": "wplakeorg",
"versions": [
{
"lessThanOrEqual": "3.7.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aur\u00e9lien BOURDOIS"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Views \u2013 Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. This is due to insufficient input sanitization and lack of access control when processing custom Twig templates in the Model panel. This makes it possible for authenticated attackers, with author-level access or higher, to execute arbitrary PHP code and commands on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:52:53.023Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52b04517-f0be-4bbf-818c-70a12d76bfec?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/acf-views/tags/3.7.19/src/Template_Engines/Twig.php#L106"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3364566%40acf-views\u0026new=3364566%40acf-views\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-13T14:33:37.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-22T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Advanced Views \u2013 Display Posts, Custom Fields, and More \u003c= 3.7.19 - Authenticated (Author+) Remote Code Execution via SSTI"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10380",
"datePublished": "2025-09-23T03:34:34.263Z",
"dateReserved": "2025-09-12T20:13:06.034Z",
"dateUpdated": "2026-04-08T16:52:53.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1040 (GCVE-0-2025-1040)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:11 – Updated: 2025-10-15 12:50
VLAI
Title
Server-Side Template Injection (SSTI) in significant-gravitas/autogpt
Summary
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. Attackers can exploit this flaw to execute arbitrary commands on the host system. The issue is fixed in version 0.4.0.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| significant-gravitas | significant-gravitas/autogpt |
Affected:
unspecified , < v0.4.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1040",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T15:21:58.406225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T15:22:10.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/b74ef75f-61d5-4422-ab15-9550c8b4f185"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "significant-gravitas/autogpt",
"vendor": "significant-gravitas",
"versions": [
{
"lessThan": "v0.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. Attackers can exploit this flaw to execute arbitrary commands on the host system. The issue is fixed in version 0.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:50:50.369Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/b74ef75f-61d5-4422-ab15-9550c8b4f185"
},
{
"url": "https://github.com/significant-gravitas/autogpt/commit/6dba31e0215549604bdcc1aed24e3a1714e75ee2"
}
],
"source": {
"advisory": "b74ef75f-61d5-4422-ab15-9550c8b4f185",
"discovery": "EXTERNAL"
},
"title": "Server-Side Template Injection (SSTI) in significant-gravitas/autogpt"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-1040",
"datePublished": "2025-03-20T10:11:05.749Z",
"dateReserved": "2025-02-04T19:56:24.203Z",
"dateUpdated": "2025-10-15T12:50:50.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12107 (GCVE-0-2025-12107)
Vulnerability from cvelistv5 – Published: 2026-02-19 10:04 – Updated: 2026-03-06 15:29
VLAI
Title
Potential authenticated Server-Side Template Injection (SSTI) vulnerability.
Summary
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates.
Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.docs.wso2.com/en/latest/security… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WSO2 | WSO2 Identity Server |
Affected:
5.11.0.130 , < 5.11.0.299
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T20:41:43.252367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T20:41:56.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WSO2 Identity Server",
"vendor": "WSO2",
"versions": [
{
"lessThan": "5.11.0.299",
"status": "affected",
"version": "5.11.0.130",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.0.299",
"versionStartIncluding": "5.11.0.130",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Robert Raducioiu"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. \u003cbr\u003e\u003cbr\u003e Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information."
}
],
"value": "Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. \n\n Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T15:29:19.426Z",
"orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"shortName": "WSO2"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4517/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4517/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4517/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4517/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4517/#solution"
}
],
"source": {
"advisory": "WSO2-2025-4517",
"discovery": "EXTERNAL"
},
"title": "Potential authenticated Server-Side Template Injection (SSTI) vulnerability.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"assignerShortName": "WSO2",
"cveId": "CVE-2025-12107",
"datePublished": "2026-02-19T10:04:47.542Z",
"dateReserved": "2025-10-23T11:28:43.355Z",
"dateUpdated": "2026-03-06T15:29:19.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14700 (GCVE-0-2025-14700)
Vulnerability from cvelistv5 – Published: 2025-12-17 00:04 – Updated: 2025-12-17 21:25
VLAI
Title
Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller
Summary
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.
Severity
9.9 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gitlab.com/crafty-controller/crafty-4/-/i… | issue-trackingpermissions-required |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arcadia Technology, LLC | Crafty Controller |
Affected:
4.6.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T21:24:39.127580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:25:02.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Crafty Controller",
"vendor": "Arcadia Technology, LLC",
"versions": [
{
"status": "affected",
"version": "4.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thank you to [Rozza / rchar](https://gitlab.com/rchar) on GitLab for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T00:04:37.049Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #646",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/crafty-controller/crafty-4/-/issues/646"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.2"
}
],
"title": "Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-14700",
"datePublished": "2025-12-17T00:04:37.049Z",
"dateReserved": "2025-12-14T14:48:04.696Z",
"dateUpdated": "2025-12-17T21:25:02.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14731 (GCVE-0-2025-14731)
Vulnerability from cvelistv5 – Published: 2025-12-15 23:32 – Updated: 2025-12-16 15:09
VLAI
Title
CTCMS Content Management System Frontend/Template Management CT_Parser.php special elements used in a template engine
Summary
A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a template engine. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.336488 | vdb-entry |
| https://vuldb.com/?ctiid.336488 | signaturepermissions-required |
| https://vuldb.com/?submit.707106 | third-party-advisory |
| https://vuldb.com/?submit.707107 | third-party-advisory |
| https://note-hxlab.wetolink.com/share/Ros8ZIeCLQrN | related |
| https://note-hxlab.wetolink.com/share/U6cnRoRfn09r | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CTCMS | Content Management System |
Affected:
2.1.0
Affected: 2.1.1 Affected: 2.1.2 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14731",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T14:37:09.923082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T15:09:13.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://note-hxlab.wetolink.com/share/Ros8ZIeCLQrN"
},
{
"tags": [
"exploit"
],
"url": "https://note-hxlab.wetolink.com/share/U6cnRoRfn09r"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Frontend/Template Management Module"
],
"product": "Content Management System",
"vendor": "CTCMS",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "airrudder (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a template engine. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-791",
"description": "Incomplete Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T23:32:09.187Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-336488 | CTCMS Content Management System Frontend/Template Management CT_Parser.php special elements used in a template engine",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.336488"
},
{
"name": "VDB-336488 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.336488"
},
{
"name": "Submit #707106 | ctcms 2.1.2 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.707106"
},
{
"name": "Submit #707107 | ctcms 2.1.2 Command Injection (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.707107"
},
{
"tags": [
"related"
],
"url": "https://note-hxlab.wetolink.com/share/Ros8ZIeCLQrN"
},
{
"tags": [
"exploit"
],
"url": "https://note-hxlab.wetolink.com/share/U6cnRoRfn09r"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-15T18:07:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "CTCMS Content Management System Frontend/Template Management CT_Parser.php special elements used in a template engine"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14731",
"datePublished": "2025-12-15T23:32:09.187Z",
"dateReserved": "2025-12-15T17:01:59.079Z",
"dateUpdated": "2025-12-16T15:09:13.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2040 (GCVE-0-2025-2040)
Vulnerability from cvelistv5 – Published: 2025-03-06 20:00 – Updated: 2025-03-06 20:23
VLAI
Title
zhijiantianya ruoyi-vue-pro deploy special elements used in a template engine
Summary
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298783 | vdb-entry |
| https://vuldb.com/?ctiid.298783 | signaturepermissions-required |
| https://vuldb.com/?submit.512574 | third-party-advisory |
| https://github.com/uglory-gll/javasec/blob/main/r… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| zhijiantianya | ruoyi-vue-pro |
Affected:
2.4.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2040",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T20:23:20.541970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T20:23:45.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ruoyi-vue-pro",
"vendor": "zhijiantianya",
"versions": [
{
"status": "affected",
"version": "2.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "uglory (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In zhijiantianya ruoyi-vue-pro 2.4.1 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin-api/bpm/model/deploy. Dank Manipulation mit unbekannten Daten kann eine improper neutralization of special elements used in a template engine-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-791",
"description": "Incomplete Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T20:00:12.464Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298783 | zhijiantianya ruoyi-vue-pro deploy special elements used in a template engine",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.298783"
},
{
"name": "VDB-298783 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298783"
},
{
"name": "Submit #512574 | https://gitee.com/zhijiantianya/ruoyi-vue-pro ruoyi-vue-pro 2.4.1 SSTI",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.512574"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/uglory-gll/javasec/blob/main/ruoyi-vue-pro.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-06T10:32:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "zhijiantianya ruoyi-vue-pro deploy special elements used in a template engine"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2040",
"datePublished": "2025-03-06T20:00:12.464Z",
"dateReserved": "2025-03-06T09:27:39.518Z",
"dateUpdated": "2025-03-06T20:23:45.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23211 (GCVE-0-2025-23211)
Vulnerability from cvelistv5 – Published: 2025-01-28 15:24 – Updated: 2025-01-28 16:15
VLAI
Title
Tandoor Recipes - SSTI - Remote Code Execution
Summary
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.
Severity
10 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/TandoorRecipes/recipes/securit… | x_refsource_CONFIRM |
| https://github.com/TandoorRecipes/recipes/commit/… | x_refsource_MISC |
| https://github.com/TandoorRecipes/recipes/blob/4f… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TandoorRecipes | recipes |
Affected:
< 1.5.24
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23211",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:15:29.759500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:15:33.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "recipes",
"vendor": "TandoorRecipes",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:24:27.397Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v"
},
{
"name": "https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20"
},
{
"name": "https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95"
}
],
"source": {
"advisory": "GHSA-r6rj-h75w-vj8v",
"discovery": "UNKNOWN"
},
"title": "Tandoor Recipes - SSTI - Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-23211",
"datePublished": "2025-01-28T15:24:27.397Z",
"dateReserved": "2025-01-13T17:15:41.051Z",
"dateUpdated": "2025-01-28T16:15:33.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23376 (GCVE-0-2025-23376)
Vulnerability from cvelistv5 – Published: 2025-04-28 14:34 – Updated: 2025-04-28 17:31
VLAI
Summary
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00031108… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerProtect Data Manager Reporting |
Affected:
19.15.0 , ≤ 19.18.0-23
(semver)
|
Date Public
2025-04-24 06:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T17:30:57.741219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T17:31:27.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerProtect Data Manager Reporting",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "19.18.0-23",
"status": "affected",
"version": "19.15.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-04-24T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.\u003cbr\u003e"
}
],
"value": "Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T14:34:13.504Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000311083/dsa-2025-062-security-update-for-dell-powerprotect-data-manager-multiple-security-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-23376",
"datePublished": "2025-04-28T14:34:13.504Z",
"dateReserved": "2025-01-15T06:04:03.641Z",
"dateUpdated": "2025-04-28T17:31:27.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26789 (GCVE-0-2025-26789)
Vulnerability from cvelistv5 – Published: 2025-02-14 00:00 – Updated: 2025-02-14 15:33
VLAI
Summary
An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in a Logpoint deployment.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T15:33:22.910387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T15:33:35.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AgentX",
"vendor": "Logpoint",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in a Logpoint deployment."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T07:55:31.181Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://servicedesk.logpoint.com/hc/en-us/articles/24749416515741-Unauthorized-information-access-due-to-inadequate-access-controls"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-26789",
"datePublished": "2025-02-14T00:00:00.000Z",
"dateReserved": "2025-02-14T00:00:00.000Z",
"dateUpdated": "2025-02-14T15:33:35.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26865 (GCVE-0-2025-26865)
Vulnerability from cvelistv5 – Published: 2025-03-10 14:01 – Updated: 2025-03-11 19:26
VLAI
Title
Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE
Summary
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: from 18.12.17 before 18.12.18.
It's a regression between 18.12.17 and 18.12.18.
In case you use something like that, which is not recommended!
For security, only official releases should be used.
In other words, if you use 18.12.17 you are still safe.
The version 18.12.17 is not a affected.
But something between 18.12.17 and 18.12.18 is.
In that case, users are recommended to upgrade to version 18.12.18, which fixes the issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://ofbiz.apache.org/download.html | mitigationrelease-notesproduct |
| https://ofbiz.apache.org/security.html | patch |
| https://issues.apache.org/jira/browse/OFBIZ-12594 | issue-tracking |
| https://lists.apache.org/thread/prb48ztk01bflyyjb… | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2025/03/07/1 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache OFBiz |
Affected:
18.12.17 , < 18.12.18
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-03-10T14:03:22.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/07/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-26865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T19:25:54.489016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T19:26:51.972Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache OFBiz",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "18.12.18",
"status": "affected",
"version": "18.12.17",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matei \"Mal\" Badanoiu"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.\u003c/p\u003e\u003cp\u003eThis issue affects Apache OFBiz: from 18.12.17 before 18.12.18.\u0026nbsp;\u0026nbsp;\u003c/p\u003eIt\u0027s a regression between 18.12.17 and 18.12.18.\u003cbr\u003eIn case you use something like that, which is not recommended!\u003cbr\u003eFor security, only official releases should be used.\u003cbr\u003e\u003cbr\u003eIn other words, if you use 18.12.17 you are still safe.\u003cbr\u003eThe version 18.12.17 is not a affected.\u003cbr\u003eBut something between 18.12.17 and 18.12.18 is.\u003cbr\u003e\u003cbr\u003eIn that case, users are recommended to upgrade to version 18.12.18, which fixes the issue.\u003cbr\u003e"
}
],
"value": "Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: from 18.12.17 before 18.12.18.\u00a0\u00a0\n\nIt\u0027s a regression between 18.12.17 and 18.12.18.\nIn case you use something like that, which is not recommended!\nFor security, only official releases should be used.\n\nIn other words, if you use 18.12.17 you are still safe.\nThe version 18.12.17 is not a affected.\nBut something between 18.12.17 and 18.12.18 is.\n\nIn that case, users are recommended to upgrade to version 18.12.18, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T14:01:06.952Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"mitigation",
"release-notes",
"product"
],
"url": "https://ofbiz.apache.org/download.html"
},
{
"tags": [
"patch"
],
"url": "https://ofbiz.apache.org/security.html"
},
{
"tags": [
"issue-tracking"
],
"url": "https://issues.apache.org/jira/browse/OFBIZ-12594"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/prb48ztk01bflyyjbl6p56wlcc1n5sz7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-26865",
"datePublished": "2025-03-10T14:01:06.952Z",
"dateReserved": "2025-02-17T09:53:13.390Z",
"dateUpdated": "2025-03-11T19:26:51.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands.
Mitigation
Phase: Implementation
Description:
- Use the template engine's sandbox or restricted mode, if available.
No CAPEC attack patterns related to this CWE.