Improper Neutralization of Special Elements Used in a Template Engine

CVE-2025-53833

High

10/10

Summary

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. The package binarytorch/larecipe versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

References

Advisory Timeline

Published Jul 14, 2025

Improper Neutralization of Special Elements Used in a Template Engine

CVE-2025-53833

Summary

CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS