CVE-2025-27516

Description

Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weakness Type (CWE)

CWE-1336 CWE-1336

Affected Products

Vendor	Product	Versions
palletsprojects	jinja	< 3.1.6
debian	debian_linux	All

References

Advisories & Patches

https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403 https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7

Other References

https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html

Frequently Asked Questions

What is CVE-2025-27516? +

Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6. It has a CVSS v3.1 base score of 8.8 (HIGH).

How severe is CVE-2025-27516? +

CVE-2025-27516 has a CVSS v3.1 score of 8.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2025-27516? +

CVE-2025-27516 affects products from debian, palletsprojects, specifically: debian_linux, jinja. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-27516? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-44129

SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an …

CVE-2025-26789

An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to …

CVE-2024-9150

Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An …

CVE-2025-34300

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web …

CVE-2025-65106

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a …

CVE-2024-58293

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input …