Medium severity6.3NVD Advisory· Published Jun 23, 2025· Updated Apr 29, 2026
CVE-2025-6518
CVE-2025-6518
Description
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pyspurPyPI | <= 0.1.18 | — |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-8gff-cf92-72pvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-6518ghsaADVISORY
- github.com/PySpur-Dev/pyspur/issues/289nvdWEB
- vuldb.comnvdWEB
- vuldb.comnvdWEB
- vuldb.comnvdWEB
News mentions
0No linked articles in our index yet.