Critical severity 9.8 (NVD Advisory) · Published Mar 5, 2025 · Updated Apr 15, 2026
CVE-2025-25362
Description
A Server-Side Template Injection (SSTI) vulnerability in spacy-llm 0.7.2 allows attackers to execute arbitrary code by injecting a crafted payload into the template field. Prompt templates are rendered with an unsandboxed jinja2.Environment, so whoever controls the template string can walk from any object the template is given (through attributes such as `__class__`, `__mro__` or `__globals__`) to arbitrary Python callables and invoke them inside the process running the spaCy pipeline. Version 0.7.3 renders templates with jinja2.sandbox.SandboxedEnvironment instead, which refuses access to underscore-prefixed and other internal attributes.
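The attribute walk described above, as an added example that is not part of this advisory or of spacy-llm's own code. It renders the same templates twice, once with the plain `jinja2.Environment` that 0.7.2 used and once with the `jinja2.sandbox.SandboxedEnvironment` that 0.7.3 switched to. `FakeDoc`, the `doc` context variable and the three templates are constructed stand-ins for the spaCy `Doc` and the user-supplied prompt template; the payload is deliberately side-effect free (it only asks the `os` module for the process id), but the same path reaches `os.popen` or `subprocess`.

```python
"""Added example (not spacy-llm's code): jinja2 SSTI before and after sandboxing."""
import os  # present in this module's globals, which is what the payload reaches

import jinja2
import jinja2.sandbox
from jinja2.exceptions import SecurityError


class FakeDoc:
    """Constructed stand-in for the spaCy Doc handed to the prompt template."""

    def __init__(self, text: str) -> None:
        self.text = text


# A legitimate prompt template, as a library user would write it.
BENIGN_TEMPLATE = "Classify the sentiment of this review: {{ doc.text }}"

# Reconnaissance payload: from a plain str, climb to `object` and enumerate
# every loaded class. Attackers search this list for a gadget (e.g. a class
# whose __init__.__globals__ contains os or subprocess).
RECON_TEMPLATE = "{{ (doc.text.__class__.__mro__[1].__subclasses__() | length) > 0 }}"

# Execution payload: the template never names `os` directly. It goes from the
# context object to the function behind its __init__, then to that function's
# module globals, and calls into the os module found there.
EXEC_TEMPLATE = "{{ doc.__init__.__globals__['os'].getpid() }}"


def render_unsandboxed(template: str, doc: FakeDoc) -> str:
    """The 0.7.2 behaviour: unrestricted attribute access from the template."""
    env = jinja2.Environment()
    return env.from_string(template).render(doc=doc)


def render_sandboxed(template: str, doc: FakeDoc) -> str:
    """The 0.7.3 behaviour: underscore-prefixed and internal attributes are
    replaced by an Undefined whose use raises jinja2 SecurityError."""
    env = jinja2.sandbox.SandboxedEnvironment()
    return env.from_string(template).render(doc=doc)


def sandbox_blocks(template: str, doc: FakeDoc) -> bool:
    """True if the sandboxed environment refuses to render the template."""
    try:
        render_sandboxed(template, doc)
    except SecurityError:
        return True
    return False


def current_pid() -> str:
    """What the execution payload is expected to print when it succeeds."""
    return str(os.getpid())


if __name__ == "__main__":
    doc = FakeDoc("Great battery life, terrible keyboard.")
    print("benign, unsandboxed :", render_unsandboxed(BENIGN_TEMPLATE, doc))
    print("recon, unsandboxed  :", render_unsandboxed(RECON_TEMPLATE, doc))
    print("exec, unsandboxed   :", render_unsandboxed(EXEC_TEMPLATE, doc),
          "(our pid is", current_pid() + ")")
    print("benign, sandboxed   :", render_sandboxed(BENIGN_TEMPLATE, doc))
    print("recon blocked       :", sandbox_blocks(RECON_TEMPLATE, doc))
    print("exec blocked        :", sandbox_blocks(EXEC_TEMPLATE, doc))
```

The sandbox keeps the benign template working because it only filters attribute lookups, so public attributes such as `doc.text` still resolve. It does not make an untrusted template safe in every sense: a template can still call any public method on the objects it is given, and `SandboxedEnvironment` will happily let it mutate them; `jinja2.sandbox.ImmutableSandboxedEnvironment` is the stricter drop-in when the context objects must stay read-only.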
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| spacy-llm (PyPI) | < 0.7.3 | 0.7.3 |
Patches
8bde0490cc1e Fix jinja sandbox (#491)
3 files changed · +6 −7
.github/workflows/test.yml+2 −2 modified@@ -25,9 +25,9 @@ jobs: python_version: ["3.12"] include: - os: windows-latest - python_version: "3.7" + python_version: "3.9" - os: macos-latest - python_version: "3.8" + python_version: "3.9" - os: ubuntu-latest python_version: "3.9" - os: windows-latest
setup.cfg+2 −4 modified@@ -1,5 +1,5 @@ [metadata] -version = 0.7.2 +version = 0.7.3 description = Integrating LLMs into structured NLP pipelines author = Explosion author_email = contact@explosion.ai @@ -16,8 +16,6 @@ classifiers = Operating System :: MacOS :: MacOS X Operating System :: Microsoft :: Windows Programming Language :: Python :: 3 - Programming Language :: Python :: 3.7 - Programming Language :: Python :: 3.8 Programming Language :: Python :: 3.9 Programming Language :: Python :: 3.10 Programming Language :: Python :: 3.11 @@ -30,7 +28,7 @@ project_urls = [options] zip_safe = false include_package_data = true -python_requires = >=3.7 +python_requires = >=3.9 install_requires = spacy>=3.5,<4.0 jinja2
spacy_llm/tasks/builtin_task.py+2 −1 modified@@ -4,6 +4,7 @@ from typing import Any, Callable, Dict, Iterable, List, Optional, Tuple, Type, cast import jinja2 +import jinja2.sandbox import srsly from spacy import Errors, Language, util from spacy.tokens import Doc @@ -64,7 +65,7 @@ def generate_prompts( prompts in case of multiple shards) and the corresponding shards. The relationship between shard and prompt is 1:1. """ - environment = jinja2.Environment() + environment = jinja2.sandbox.SandboxedEnvironment() _template = environment.from_string(self._template) def render_template(shard: Doc, i_shard: int, i_doc: int, n_shards: int) -> str:
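Review bot: the .github/workflows/test.yml hunk (swapping the windows-latest 3.7 and macos-latest 3.8 matrix entries for 3.9) is CI housekeeping with no bearing on the sandbox fix; landing it in the same commit as a security patch makes the fix harder to review and to backport, so it would be better as its own commit, and the matrix now carries three 3.9 entries alongside the 3.12 default without any entry covering the oldest interpreter the package still claims to support.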
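Review bot: raising `python_requires` from `>=3.7` to `>=3.9` in the setup.cfg hunk, in the same release that carries the fix, means installations on Python 3.7 or 3.8 will never resolve 0.7.3 and will silently stay on the vulnerable 0.7.2; the one-line sandbox change in builtin_task.py does not need a newer interpreter, so either leave the requirement at `>=3.7` for this release or state plainly in the advisory and changelog that 3.7/3.8 users get no fixed version.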
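Review bot: the builtin_task.py hunk replaces `jinja2.Environment()` with `jinja2.sandbox.SandboxedEnvironment()` in `generate_prompts` but, of the three files changed, none is a test, so nothing guards against a later refactor reintroducing the plain environment; add a regression test that renders a template such as `{{ ''.__class__.__mro__ }}` through the task and asserts a `jinja2.exceptions.SecurityError`. Two follow-ups worth a comment in the code: `SandboxedEnvironment` still allows calling public methods on the `Doc` shards handed to `render_template`, including mutating ones, so `jinja2.sandbox.ImmutableSandboxedEnvironment` is the stricter choice if templates must not modify them; and because `environment.from_string(self._template)` now runs on every call, a hostile template fails at prompt-generation time deep inside the pipeline rather than at task construction, so compiling the template once in `__init__` would surface the error earlier and avoid recompiling it per call.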
References
- github.com/advisories/GHSA-793v-gxfp-9q9h (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-25362 (GHSA, advisory)
- github.com/explosion/spacy-llm/commit/8bde0490cc1e9de9dd2e84480b7b5cd18a94d739 (GHSA, web)
- github.com/explosion/spacy-llm/issues/492 (NVD, web)
- github.com/explosion/spacy-llm/pull/491 (GHSA, web)
- www.hacktivesecurity.com/blog/2025/04/01/cve-2025-25362-old-vulnerabilities-new-victims-breaking-llm-prompts-with-ssti/ (GHSA and NVD, web)