How severe is CVE-2025-23211?

CVE-2025-23211 has a CVSS v3 score of 9.9 (CRITICAL).

CVE-2025-23211

Name: recipes
Author: tandoor

9.9CRITICAL

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the p

Published: 1/28/2025Updated: 5/8/2025

Description

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.

AI AnalysisPowered by AI

Affected Products

tandoorrecipes

References

https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95
Product
https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20
Patch
https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v
ExploitVendor Advisory
https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v
ExploitVendor Advisory