PT-2025-20551 · Kong · Kong Insomnia Desktop Application
Justin Steven +1 · Published 2025-05-09 · Updated 2025-12-27 · CVE-2025-1087
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
Name of the Vulnerable Software and Affected Versions
Kong Insomnia Desktop Application versions prior to 11.0.2
Description
The Kong Insomnia Desktop Application is susceptible to a template injection issue. This flaw stems from inadequate validation of user-provided input during template string processing, potentially enabling attackers to execute arbitrary JavaScript code within the application's context. The vulnerability allows for remote code execution via cookies and imports.
Recommendations
Versions prior to 11.0.2 should be updated to version 11.0.2 or later.
Fix
RCE
Code Injection
Related Identifiers
Affected Products
Kong Insomnia Desktop Application