Vulnerability details: VCID-23hx-apt2-77bn
Vulnerability ID VCID-23hx-apt2-77bn
Aliases CVE-2025-27516
GHSA-cpwx-vrp4-4pq7
Summary
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method

An oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.

Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to use the `|attr` filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the `|attr` filter no longer bypasses the environment's attribute lookup.
Status Published
Exploitability 0.5
Weighted Severity 6.6
Risk 3.3
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
cvssv3 7.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27516.json
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2025-27516
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2025-27516
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-cpwx-vrp4-4pq7
cvssv4 5.4 https://github.com/pallets/jinja
generic_textual MODERATE https://github.com/pallets/jinja
cvssv4 5.4 https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
generic_textual MODERATE https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
ssvc Track https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
cvssv3.1_qr MODERATE https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
cvssv4 5.4 https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
generic_textual MODERATE https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
ssvc Track https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
cvssv4 5.4 https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
cvssv4 5.4 https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html
cvssv4 5.4 https://nvd.nist.gov/vuln/detail/CVE-2025-27516
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-27516
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27516.json
https://api.first.org/data/v1/epss?cve=CVE-2025-27516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27516
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/pallets/jinja
https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html
https://nvd.nist.gov/vuln/detail/CVE-2025-27516
1099690 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099690
2350190 https://bugzilla.redhat.com/show_bug.cgi?id=2350190
GHSA-cpwx-vrp4-4pq7 https://github.com/advisories/GHSA-cpwx-vrp4-4pq7
RHSA-2025:2664 https://access.redhat.com/errata/RHSA-2025:2664
RHSA-2025:2688 https://access.redhat.com/errata/RHSA-2025:2688
RHSA-2025:3017 https://access.redhat.com/errata/RHSA-2025:3017
RHSA-2025:3111 https://access.redhat.com/errata/RHSA-2025:3111
RHSA-2025:3113 https://access.redhat.com/errata/RHSA-2025:3113
RHSA-2025:3123 https://access.redhat.com/errata/RHSA-2025:3123
RHSA-2025:3124 https://access.redhat.com/errata/RHSA-2025:3124
RHSA-2025:3160 https://access.redhat.com/errata/RHSA-2025:3160
RHSA-2025:3162 https://access.redhat.com/errata/RHSA-2025:3162
RHSA-2025:3371 https://access.redhat.com/errata/RHSA-2025:3371
RHSA-2025:3374 https://access.redhat.com/errata/RHSA-2025:3374
RHSA-2025:3388 https://access.redhat.com/errata/RHSA-2025:3388
RHSA-2025:3406 https://access.redhat.com/errata/RHSA-2025:3406
RHSA-2025:3562 https://access.redhat.com/errata/RHSA-2025:3562
RHSA-2025:3568 https://access.redhat.com/errata/RHSA-2025:3568
RHSA-2025:3580 https://access.redhat.com/errata/RHSA-2025:3580
RHSA-2025:3585 https://access.redhat.com/errata/RHSA-2025:3585
RHSA-2025:3586 https://access.redhat.com/errata/RHSA-2025:3586
RHSA-2025:3588 https://access.redhat.com/errata/RHSA-2025:3588
RHSA-2025:3595 https://access.redhat.com/errata/RHSA-2025:3595
RHSA-2025:3622 https://access.redhat.com/errata/RHSA-2025:3622
RHSA-2025:3671 https://access.redhat.com/errata/RHSA-2025:3671
RHSA-2025:3775 https://access.redhat.com/errata/RHSA-2025:3775
RHSA-2025:3779 https://access.redhat.com/errata/RHSA-2025:3779
RHSA-2025:3789 https://access.redhat.com/errata/RHSA-2025:3789
RHSA-2025:4018 https://access.redhat.com/errata/RHSA-2025:4018
RHSA-2025:4203 https://access.redhat.com/errata/RHSA-2025:4203
RHSA-2025:4408 https://access.redhat.com/errata/RHSA-2025:4408
RHSA-2025:4431 https://access.redhat.com/errata/RHSA-2025:4431
RHSA-2025:4730 https://access.redhat.com/errata/RHSA-2025:4730
RHSA-2025:7476 https://access.redhat.com/errata/RHSA-2025:7476
USN-7343-1 https://usn.ubuntu.com/7343-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27516.json
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): high; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pallets/jinja
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-31T03:56:03Z/ Found at https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-31T03:56:03Z/ Found at https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-27516

All five CVSS 4.0 entries above carry the same vector, which decodes as: Attack Vector (AV): local; Attack Complexity (AC): low; Attack Requirements (AT): present; Privileges Required (PR): low; User Interaction (UI): passive; Vulnerable System Impact Confidentiality (VC): high; Vulnerable System Impact Integrity (VI): high; Vulnerable System Impact Availability (VA): high; Subsequent System Impact Confidentiality (SC): none; Subsequent System Impact Integrity (SI): none; Subsequent System Impact Availability (SA): none
Exploit Prediction Scoring System (EPSS)
Percentile 0.32859
EPSS Score 0.00133
Published At April 13, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:56:17.163771+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-cpwx-vrp4-4pq7/GHSA-cpwx-vrp4-4pq7.json 38.0.0