Home > Vulnerability Database > CVE-2025-23211

Mend.io Vulnerability Database

CVE-2025-23211

Date: January 28, 2025

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.

Severity Score

9.9

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-23211

Url: https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v

Url: https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20

Url: https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95

Url: https://www.mend.io/vulnerability-database/CVE-2025-23211

Severity Score

9.9

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Improper Neutralization of Special Elements Used in a Template Engine

CWE-1336

CVSS v3.1

Base Score:	9.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-23211

Date: January 28, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?