CVE-2025-23212 — HIGH (7.7)

Q: How severe is CVE-2025-23212?

CVE-2025-23212 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-23212?

Check the references section above for vendor advisories and patch information. Affected products include: Tandoor Recipes.

Vulnerability Description

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28.

CVSS Score

7.7

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Tandoor	Recipes	< 1.5.28

Related Weaknesses (CWE)

CWE-200

References

https://github.com/TandoorRecipes/recipes/commit/36e83a9d0108ac56b9538b45ead57efPatch
https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-jrgj-35jx-2qqExploitVendor Advisory
https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-jrgj-35jx-2qqExploitVendor Advisory

FAQ

What is CVE-2025-23212?

CVE-2025-23212 is a vulnerability with a CVSS score of 7.7 (HIGH). Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the serv...

How severe is CVE-2025-23212?

CVE-2025-23212 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-23212?

Check the references section above for vendor advisories and patch information. Affected products include: Tandoor Recipes.