CVE-2025-53194
BaseFortify
Publication date: 2025-08-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| crocoblock | jetengine | 3.7.0 |
| crocoblock | jetengine | 3.7.1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
| CWE-82 | The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Neutralization of Special Elements Used in a Template Engine in Crocoblock JetEngine, which allows an attacker to perform code injection. This means that the template engine does not properly handle special elements, enabling malicious code to be injected and executed.
How can this vulnerability impact me? :
This vulnerability can have a severe impact, including allowing an attacker to execute arbitrary code, potentially leading to full system compromise. It affects confidentiality, integrity, and availability, meaning sensitive data could be exposed or altered, and system functionality could be disrupted.