Spacy-Llm · Spacy-Llm · CVE-2025-25362
**Name of the Vulnerable Software and Affected Versions**
Spacy-LLM version 0.7.2
**Description**
A Server-Side Template Injection (SSTI) vulnerability allows attackers to execute arbitrary code via injecting a crafted payload into the template field.
**Recommendations**
For Spacy-LLM version 0.7.2, as a temporary workaround, consider restricting access to the template field to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.