CVE-2025-25362
Published: 05 March 2025
Summary
CVE-2025-25362 is a critical-severity Code Injection (CWE-94) vulnerability in Hacktivesecurity (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as NLP and Transformers; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-25362 is a Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM version 0.7.2. Published on 2025-03-05, it enables attackers to execute arbitrary code by injecting a crafted payload into the template field. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-94 (Code Injection).
Remote attackers require no authentication, privileges, or user interaction to exploit this over the network with low attack complexity. Successful exploitation allows full arbitrary code execution on the server, compromising confidentiality, integrity, and availability with high impact.
Mitigation guidance is available in referenced advisories, including the spacy-llm GitHub issue at https://github.com/explosion/spacy-llm/issues/492 and the Hacktive Security blog post at https://www.hacktivesecurity.com/blog/2025/04/01/cve-2025-25362-old-vulnerabilities-new-victims-breaking-llm-prompts-with-ssti/.
This vulnerability affects Spacy-LLM, a component for integrating large language models with spaCy's natural language processing capabilities, highlighting risks in AI/ML pipelines using unpatched template processing.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6100
Vulnerability details
A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field.
- CWE(s)
AI Security AnalysisAI
- AI Category
- NLP and Transformers
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: llm, spacy
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSTI vulnerability enables remote exploitation of public-facing applications via crafted template payloads (T1190) and directly facilitates template injection for arbitrary code execution (T1221).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-10 mandates validation of inputs like the template field, directly preventing crafted SSTI payloads from executing arbitrary code in Spacy-LLM.
SI-2 requires timely flaw remediation, such as patching Spacy-LLM v0.7.2 to eliminate the specific SSTI vulnerability.
SI-9 restricts insertion of executable code or scripts into the template field, blocking SSTI exploitation attempts.