Cyber Posture

CVE-2025-27516

High

Published: 05 March 2025
Modified: 03 November 2025
KEV Added: (not listed)
Patch: (see Security Summary)
CVSS Score: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0012 (30.7th percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may abuse Python commands and scripts for execution.

Security Summary

CVE-2025-27516 is a sandbox escape vulnerability in Jinja, an extensible templating engine for Python, affecting versions prior to 3.1.6. The issue stems from an oversight in how the Jinja sandboxed environment handles the |attr filter, which allows an attacker controlling the content of a template to execute arbitrary Python code. Specifically, while the sandbox blocks calls to str.format to prevent escapes, the |attr filter can be used to obtain a reference to a string's underlying format method, bypassing these restrictions. This impacts applications that use Jinja to execute untrusted templates.

An attacker must control the content of a template rendered by a vulnerable Jinja instance to exploit this flaw, with feasibility depending on the application's design—such as web apps allowing user-supplied templates. Exploitation enables arbitrary Python code execution within the sandboxed context. The CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) reflects a local attacker with low privileges requiring low complexity and no user interaction, achieving high impacts on confidentiality, integrity, and availability due to the changed scope.

The vulnerability is fixed in Jinja 3.1.6, where the |attr filter no longer bypasses the environment's attribute lookup restrictions. Official advisories, including the GitHub security advisory (GHSA-cpwx-vrp4-4pq7) and the associated commit, detail the patch. Debian LTS announcements confirm backported fixes for affected distributions. Security practitioners should upgrade to Jinja 3.1.6 or later and audit applications for untrusted template execution.
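As an added example, not taken from the advisory or from the Jinja project, a standard-library-only audit helper that reads `pip freeze` output and flags Jinja2 pins below the fixed 3.1.6 release; the sample freeze lines are constructed, and pre-release tags (rc, dev, a, b) of 3.1.6 are treated as still affected.

```python
import re

# Fixed release named in the advisory above: every earlier version is affected.
# Trailing 0 marks a final release; -1 marks a pre-release so it sorts before it.
FIXED_VERSION = (3, 1, 6, 0)

# Constructed `pip freeze`-style lines for demonstration only.
SAMPLE_FREEZE = """\
Flask==3.0.3
Jinja2==3.1.5
MarkupSafe==2.1.5
jinja2==3.1.6
Werkzeug==3.0.3
"""

PRE_RELEASE = re.compile(r"(a|b|rc|dev)\d*$", re.IGNORECASE)


def parse_version(text):
    """Turn '3.1.5', '3.1.6rc1' or '3.1.6.dev0' into a comparable tuple.

    Numeric components are kept; a pre-release suffix appends -1, a final
    (or post-) release appends 0, so '3.1.6rc1' < '3.1.6' as PEP 440 intends.
    """
    parts, pre = [], False
    for piece in text.split("."):
        m = re.match(r"(\d+)(.*)$", piece)
        if m is None:  # e.g. 'dev0' or 'post1' as its own dotted component
            pre = bool(PRE_RELEASE.match(piece))
            break
        parts.append(int(m.group(1)))
        if m.group(2):  # suffix glued to a number, e.g. '6rc1'
            pre = bool(PRE_RELEASE.match(m.group(2)))
            break
    return tuple(parts) + (-1 if pre else 0,)


def is_affected(version):
    """True when the given Jinja version is below the fixed release 3.1.6."""
    return parse_version(version) < FIXED_VERSION


def audit_freeze(freeze_text):
    """Return [(name, version, affected)] for each Jinja2 pin in freeze output."""
    findings = []
    for line in freeze_text.splitlines():
        m = re.match(r"^\s*(jinja2)\s*==\s*([^\s;#]+)", line, re.IGNORECASE)
        if m:
            name, version = m.group(1), m.group(2)
            findings.append((name, version, is_affected(version)))
    return findings


if __name__ == "__main__":
    for name, version, affected in audit_freeze(SAMPLE_FREEZE):
        status = "AFFECTED, upgrade to 3.1.6 or later" if affected else "fixed"
        print(f"{name}=={version}: {status}")
```

A version check only answers half the question from the summary above; the application still needs an audit for places where untrusted template content reaches a sandboxed environment.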

Details

CWE(s): CWE-1336

Affected Products

- palletsprojects / jinja: ≤ 3.1.6
- debian / debian linux: 11.0

MITRE ATT&CK Enterprise Techniques

T1059.006 (Python Execution): Adversaries may abuse Python commands and scripts for execution.

Why these techniques?

The vulnerability directly enables arbitrary Python code execution by bypassing Jinja sandbox restrictions via the |attr filter, mapping to Python scripting interpreter usage.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
