CVE-2025-53833
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-07-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| binarytorch | larecipe | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Template Injection (SSTI) in LaRecipe versions prior to 2.8.1. It allows attackers to inject malicious template code that the server executes, potentially leading to Remote Code Execution (RCE). This means attackers could run arbitrary commands on the server, access sensitive environment variables, and escalate their access depending on the server's configuration.
How can this vulnerability impact me? :
The vulnerability can have severe impacts including allowing attackers to execute arbitrary commands on your server, which can lead to full system compromise. Attackers may also access sensitive environment variables and escalate their privileges, potentially resulting in data breaches, service disruption, and loss of control over the affected system.
What immediate steps should I take to mitigate this vulnerability?
Users are strongly advised to upgrade LaRecipe to version 2.8.1 or later to patch the Server-Side Template Injection vulnerability and prevent potential Remote Code Execution.