How severe is CVE-2025-27516?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-27516?

This is classified as CWE-1336, which is a common weakness in software security.

CVE-2025-27516 - MEDIUM Severity | CVSS N/A

Vulnerability Description

Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.

Related Vulnerabilities

CVE-2023-6709

CRITICAL

CVSS:10.0(Critical)

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.

CWE-13362023

CVE-2024-32651

CRITICAL

CVSS:10.0(Critical)

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote...

CWE-13362024

CVE-2024-4040

CRITICAL

CVSS:10.0(Critical)

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside o...

CWE-13362024

CVE-2025-47916

CRITICAL

CVSS:10.0(Critical)

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/f...

CWE-13362025

CVE-2024-12583

CRITICAL

CVSS:9.9(Critical)

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. T...

CWE-13362024

CVE-2024-37301

CRITICAL

CVSS:9.9(Critical)

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via se...

CWE-13362024