PT-2025-4850 · Docker · Docker Compose
M10X · Published 2025-01-28 · Updated 2026-04-21 · CVE-2025-23211
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Tandoor Recipes versions prior to 1.5.24
Description:
A Jinja2 server-side template injection (SSTI) vulnerability allows any user to execute commands on the server. With the provided Docker Compose file, those commands potentially run with root privileges. The vulnerability has been fixed in version 1.5.24.
Recommendations:
Tandoor Recipes versions prior to 1.5.24: Update to version 1.5.24 to fix the Jinja2 SSTI vulnerability.
Exploit · Fix · RCE · Code Injection
Affected Products
Docker Compose