CVE-2025-25362
Published: 05 March 2025
Description
Adversaries may create or modify references in user document templates to conceal malicious code or force authentication attempts.
Security Summary
CVE-2025-25362 is a Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM version 0.7.2. Published on 2025-03-05, it enables attackers to execute arbitrary code by injecting a crafted payload into the template field. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-94 (Code Injection).
Remote attackers require no authentication, privileges, or user interaction to exploit this over the network with low attack complexity. Successful exploitation allows full arbitrary code execution on the server, compromising confidentiality, integrity, and availability with high impact.
Mitigation guidance is available in referenced advisories, including the spacy-llm GitHub issue at https://github.com/explosion/spacy-llm/issues/492 and the Hacktive Security blog post at https://www.hacktivesecurity.com/blog/2025/04/01/cve-2025-25362-old-vulnerabilities-new-victims-breaking-llm-prompts-with-ssti/.
This vulnerability affects Spacy-LLM, a component for integrating large language models with spaCy's natural language processing capabilities, highlighting risks in AI/ML pipelines using unpatched template processing.
Details
- CWE(s)
AI Security Analysis
- AI Category
- NLP Libraries
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- MITRE ATLAS Techniques
- None mapped
- Classification Reason
- Spacy-LLM is an extension of the spaCy NLP library designed for integrating large language models (LLMs) into spaCy pipelines, classifying it under NLP Libraries.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SSTI vulnerability enables remote exploitation of public-facing applications via crafted template payloads (T1190) and directly facilitates template injection for arbitrary code execution (T1221).