PT-2025-20551 · Kong · Kong Insomnia Desktop Application

Justin Steven +1 · Published 2025-05-09 · Updated 2025-12-27 · CVE-2025-1087

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

Name of the Vulnerable Software and Affected Versions

Kong Insomnia Desktop Application versions prior to 11.0.2

Description

The Kong Insomnia Desktop Application is susceptible to a template injection issue. This flaw stems from inadequate validation of user-provided input during template string processing, potentially enabling attackers to execute arbitrary JavaScript code within the application's context. The vulnerability allows for remote code execution via cookies and imports.

Recommendations

Versions prior to 11.0.2 should be updated to version 11.0.2 or later.

Fix

RCE

Code Injection

Weakness Enumeration

Related identifiers

CVE-2025-1087

Affected products

Kong Insomnia Desktop Application