CVE-2025-27516
Arbitrary Code Execution vulnerability in jinja2 (PyPI)

Arbitrary Code Execution | No known exploit | Fixable by Resolved Security

What is CVE-2025-27516 About?

This vulnerability in Jinja's sandboxed environment allows arbitrary Python code execution through the `|attr` filter. An attacker controlling template content can bypass the sandbox. The impact is severe, granting the attacker control over the application, and exploitation is possible if untrusted templates are processed.

Affected Software

jinja2 <3.1.6

Technical Details

An oversight in the Jinja templating engine, specifically how its sandboxed environment handles the `|attr` filter, can lead to arbitrary Python code execution. While Jinja's sandbox usually prevents `str.format` calls from escaping, the `|attr` filter could be leveraged to retrieve a reference to a string's plain `format` method. This bypasses the sandbox's protective measures, allowing an attacker who controls the template content to execute arbitrary Python code outside of the intended sandboxed context. The fix addresses this by ensuring the `|attr` filter no longer circumvents the environment's attribute lookup rules.

What is the Impact of CVE-2025-27516?

Successful exploitation may allow attackers to execute arbitrary Python code, leading to full system compromise, data manipulation, or denial of service.

What is the Exploitability of CVE-2025-27516?

Exploitation requires an attacker to control the content of a Jinja template that is subsequently rendered by the application. This implies the attacker needs to be able to inject or modify template code. There are no explicit authentication requirements beyond what's needed to submit or control template data. Privilege requirements are those of the application running Jinja. This could be a remote or local attack depending on how template content is ingested. The complexity is moderate, as it requires crafting specific template code to achieve the sandbox bypass. The risk is significantly higher for applications that execute untrusted templates from external sources.
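A triage sketch for the exposure described above, added here as an example and not taken from the advisory, Resolved Security, or the Jinja project: it checks a version string against the affected range and lists every use of the `attr` filter in a stored template. The function names, severity labels and sample template are assumptions; default Jinja delimiters are assumed, and the regex scan is a heuristic, not a Jinja parser.

```python
import re

# Default Jinja delimiters are assumed; custom delimiters need other patterns.
BLOCK_RE = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)
# `x|attr(...)` and the block form `{% filter attr(...) %}`.
ATTR_RE = re.compile(r"(?:\|\s*|\bfilter\s+)attr\s*\(\s*([^)]*?)\s*\)")
# One plain string literal: no embedded quote of the same kind, no backslash escapes.
PLAIN_RE = re.compile(r"""^(['"])((?:(?!\1)[^\\])*)\1$""", re.S)
RELEASE_RE = re.compile(r"\d+(?:\.\d+)*")
FIXED = (3, 1, 6)  # first fixed jinja2 release named in the advisory


def is_affected(version):
    """True when a jinja2 version string is below 3.1.6 (suffixes ignored)."""
    m = RELEASE_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group().split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts) < FIXED


def audit_template(source):
    """Return (line, name, severity) for every use of the attr filter."""
    findings = []
    for block in BLOCK_RE.finditer(source):
        for use in ATTR_RE.finditer(block.group()):
            line = source.count("\n", 0, block.start() + use.start()) + 1
            plain = PLAIN_RE.match(use.group(1))
            if plain is None:
                # Name is computed at render time; a static scan cannot resolve it.
                findings.append((line, None, "review"))
            elif plain.group(2) == "format":
                findings.append((line, "format", "high"))
            else:
                findings.append((line, plain.group(2), "info"))
    return findings


# Constructed sample: a stored, user-editable template.
SAMPLE = """Hello {{ user|attr("display_name") }}
{{ greeting | attr('format') }}
{% set n = field_name %}{{ row|attr(n) }}
Plain text mentioning |attr("format") outside any tag is ignored.
"""

if __name__ == "__main__":
    for finding in audit_template(SAMPLE):
        print(finding)
```

Findings marked `review` are cases where the attribute name is not a single plain literal, so they need a manual look even though the scan cannot name the attribute.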

What are the Known Public Exploits?

No known exploits.

What are the Available Fixes for CVE-2025-27516?

A Fix by Resolved Security Exists!

About the Fix from Resolved Security

This patch changes how the Jinja2 `attr` filter accesses object attributes to ensure it no longer falls back to item access (e.g., `obj["attr"]`) if the named attribute doesn't exist. This prevents sandbox escapes where untrusted templates could access or invoke dangerous built-in functions or objects through crafted attribute names, fixing CVE-2025-27516. As a result, only true attributes are accessed, blocking abuse via the filter's fallback logic.

Available Upgrade Options

  • jinja2
    • <3.1.6 → Upgrade to 3.1.6

Additional Resources

What are Similar Vulnerabilities to CVE-2025-27516?

Similar Vulnerabilities: CVE-2021-44228, CVE-2023-23916, CVE-2022-24795, CVE-2022-29217, CVE-2023-49080