CVE-2025-6518 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-6518

CVE-2025-6518

June 23, 2025

A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Related Resources (6)

https://github.com/PySpur-Dev/pyspur/issues/289

https://github.com/PySpur-Dev/pyspur

https://vuldb.com/?id.313638

https://vuldb.com/?ctiid.313638

https://nvd.nist.gov/vuln/detail/CVE-2025-6518

https://vuldb.com/?submit.593612

Do you need more information?

CVSS v4

Base Score:

8.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

POC

CVSS v3

Base Score:

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Exploit Maturity

PROOF-OF-CONCEPT

Weakness Type (CWE)

Incomplete Filtering of Special Elements

CWE-791

Improper Neutralization of Special Elements Used in a Template Engine

CWE-1336

EPSS

Base Score:

0.02

Products

Solutions

Resources

Company

Compare

Developer Tools