Medium severity6.3GHSA Advisory· Published Jun 23, 2025· Updated Apr 29, 2026
CVE-2025-6518
CVE-2025-6518
Description
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pyspurPyPI | <= 0.1.18 | — |
Affected products
2- Range: <= 0.1.18
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-8gff-cf92-72pvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-6518ghsaADVISORY
- github.com/PySpur-Dev/pyspur/issues/289nvdWEB
- vuldb.comnvdWEB
- vuldb.comnvdWEB
- vuldb.comnvdWEB
News mentions
0No linked articles in our index yet.