CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-25362: A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted...

Description

A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field.

Classification

CVE ID: CVE-2025-25362

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.11% (probability of being exploited)

EPSS Percentile: 25.82% (scored less or equal to compared to others)

EPSS Date: 2025-04-02 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-25362
https://github.com/explosion/spacy-llm/issues/492

Timeline

2025-03-05 21:40:20 UTC
CVE

A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted...
2025-03-05 23:15:20 UTC
Github Advisory Database (PIP)

[spacy-llm] Spacy-LLM Server-Side Template Injection (SSTI) vulnerability