CVE-2025-23211

CRITICAL
2025-01-28 [email protected]
9.9
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 28, 2026 - 18:06 vuln.today
Patch Released
Mar 28, 2026 - 18:06 nvd
Patch available
PoC Detected
May 08, 2025 - 18:44 vuln.today
Public exploit code
CVE Published
Jan 28, 2025 - 16:15 nvd
CRITICAL 9.9

Tags

Docker Ssti Information Disclosure Recipes

Description

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.

Analysis

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical Context

This vulnerability is classified under CWE-1336. Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24. Affected products include: Tandoor Recipes.

Affected Products

Tandoor Recipes.

Remediation

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Priority Score

70
Low Medium High Critical
KEV: 0
EPSS: +0.9
CVSS: +50
POC: +20

Share

CVE-2025-23211 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy