CVE-2025-25362
Published: 05 March 2025
Summary
CVE-2025-25362 is a critical-severity Code Injection (CWE-94) vulnerability in Hacktivesecurity (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as NLP Libraries; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 mandates validation of inputs like the template field, directly preventing crafted SSTI payloads from executing arbitrary code in Spacy-LLM.
SI-2 requires timely flaw remediation, such as patching Spacy-LLM v0.7.2 to eliminate the specific SSTI vulnerability.
SI-9 restricts insertion of executable code or scripts into the template field, blocking SSTI exploitation attempts.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSTI vulnerability enables remote exploitation of public-facing applications via crafted template payloads (T1190) and directly facilitates template injection for arbitrary code execution (T1221).
NVD Description
A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field.
Deeper analysisAI
CVE-2025-25362 is a Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM version 0.7.2. Published on 2025-03-05, it enables attackers to execute arbitrary code by injecting a crafted payload into the template field. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-94 (Code Injection).
Remote attackers require no authentication, privileges, or user interaction to exploit this over the network with low attack complexity. Successful exploitation allows full arbitrary code execution on the server, compromising confidentiality, integrity, and availability with high impact.
Mitigation guidance is available in referenced advisories, including the spacy-llm GitHub issue at https://github.com/explosion/spacy-llm/issues/492 and the Hacktive Security blog post at https://www.hacktivesecurity.com/blog/2025/04/01/cve-2025-25362-old-vulnerabilities-new-victims-breaking-llm-prompts-with-ssti/.
This vulnerability affects Spacy-LLM, a component for integrating large language models with spaCy's natural language processing capabilities, highlighting risks in AI/ML pipelines using unpatched template processing.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- NLP Libraries
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Spacy-LLM is an extension of the spaCy NLP library designed for integrating large language models (LLMs) into spaCy pipelines, classifying it under NLP Libraries.