CVE-2025-1087

Vulnerability Description

Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.

Related Weaknesses (CWE)

CWE-20 CWE-94

References

https://github.com/Kong/insomnia
https://tantosec.com/blog/2025/06/insomnia-api-client-template-injection/

FAQ

What is CVE-2025-1087?

CVE-2025-1087 is a documented vulnerability. Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of ...

How severe is CVE-2025-1087?

CVSS scoring is not yet available for CVE-2025-1087. Check NVD for updates.

Is there a patch for CVE-2025-1087?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.