Vulnerability Description
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tandoor | Recipes | < 1.5.24 |
Related Weaknesses (CWE)
References
- https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4cProduct
- https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377ePatch
- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8ExploitVendor Advisory
- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8ExploitVendor Advisory
FAQ
What is CVE-2025-23211?
CVE-2025-23211 is a vulnerability with a CVSS score of 9.9 (CRITICAL). Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the p...
How severe is CVE-2025-23211?
CVE-2025-23211 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-23211?
Check the references section above for vendor advisories and patch information. Affected products include: Tandoor Recipes.