Critical severity9.8GHSA Advisory· Published Mar 5, 2025· Updated Jun 17, 2026
CVE-2025-25362
CVE-2025-25362
Description
A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
spacy-llmPyPI | < 0.7.3 | 0.7.3 |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-793v-gxfp-9q9hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-25362ghsaADVISORY
- github.com/explosion/spacy-llm/commit/8bde0490cc1e9de9dd2e84480b7b5cd18a94d739ghsaWEB
- github.com/explosion/spacy-llm/issues/492nvdWEB
- github.com/explosion/spacy-llm/pull/491ghsaWEB
- www.hacktivesecurity.com/blog/2025/04/01/cve-2025-25362-old-vulnerabilities-new-victims-breaking-llm-prompts-with-sstighsaWEB
- www.hacktivesecurity.com/blog/2025/04/01/cve-2025-25362-old-vulnerabilities-new-victims-breaking-llm-prompts-with-ssti/nvd
News mentions
0No linked articles in our index yet.