May 8, 2025
CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution
A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.

In January 2025, a critical Server-Side Template Injection (SSTI) vulnerability was disclosed in Tandoor Recipes, an open-source meal planning and recipe management application. The flaw exists in versions prior to 1.5.24 and stems from improper handling of user-supplied input within Jinja2 templates. This vulnerability allows authenticated users to execute arbitrary system commands on the server. When deployed using the provided Docker Compose setup, these commands can run with root privileges, leading to full system compromise.
- CVE ID: CVE-2025-23211
- Severity: Critical
- CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
- EPSS Score: 0.05%
- Published: January 28, 2025
- Affected Versions: <= 1.5.23
- Patched Version: 1.5.24
The vulnerability arises from unsanitized user input being directly embedded into Jinja2 templates. Specifically, user-provided content in recipe instructions is rendered without proper validation, allowing attackers to inject malicious Jinja2 expressions. This can lead to arbitrary code execution on the server.
In the default Docker Compose deployment, the application runs with root privileges. Exploiting this vulnerability in such an environment grants attackers root-level access to the host system.
An attacker can craft a malicious payload using Jinja2 syntax and insert it into the recipe instructions. For example:
{{ ()|attr('__class__')|attr('__base__')|attr('__subclasses__')()|attr('__getitem__')(418)('whoami', shell=True, stdout=-1)|attr('communicate')()|attr('__getitem__')(0)|attr('decode')('utf-8') }}
When this recipe is viewed, the server executes the whoami command, displaying the result. In the Docker Compose setup, this would return root, confirming command execution with elevated privileges.
Impact
Successful exploitation allows attackers to:
- Execute arbitrary system commands on the server
- Gain root access in Docker Compose deployments
- Compromise sensitive data and system integrity
- Potentially pivot to other systems within the network
Detection
- Version Check: Verify the installed version of Tandoor Recipes. Versions <= 1.5.23 are vulnerable.
- Log Analysis: Inspect application logs for unusual template rendering errors or unexpected command outputs.
- File Monitoring: Monitor for unauthorized changes to system files or the presence of unexpected processes.
- User Activity: Review user actions for suspicious behavior, especially users creating or modifying recipes with unusual content.
Mitigation
- Immediate Action: Upgrade to Tandoor Recipes version 1.5.24 or later, which includes the necessary patch.
- Input Validation: Implement strict input validation and sanitization to prevent injection of malicious content.
- Least Privilege: Avoid running applications with root privileges. Configure Docker containers to run as non-root users.
- Security Monitoring: Set up intrusion detection systems to monitor for anomalous activities.
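An added example (not Tandoor's code and not from the advisory above) that puts the flaw class described earlier beside the fix the Mitigation list calls for: the vulnerable pattern compiles user text as Jinja2 template source, the hardened pattern passes it as a variable into a fixed autoescaped template with a sandboxed environment as defence in depth, and a small review helper supports the "User Activity" detection step. Function names, the fixed template and the probe strings are assumptions for illustration.

```python
"""Rendering recipe instructions: the vulnerable pattern beside the fix.

Constructed example, not Tandoor's own code. render_vulnerable() mirrors the
flaw class in the advisory (user text compiled as Jinja2 template source);
render_hardened() treats user text as data. Function and constant names and
the probe strings are assumptions for illustration.
"""
import re

from jinja2 import Environment, TemplateError
from jinja2.sandbox import ImmutableSandboxedEnvironment

# Constructed probes: a harmless arithmetic marker and a dunder-walking chain
# with no command execution, of the shape the advisory describes.
BENIGN_PROBE = "Preheat to {{ 7*7 }} degrees"
DUNDER_PROBE = "{{ ()|attr('__class__')|attr('__base__')|attr('__subclasses__')() }}"

# The only template source the server should ever compile: a fixed string
# into which user content is passed as a variable.
INSTRUCTION_TEMPLATE = '<div class="instructions">{{ instructions }}</div>'

# Review aid for the "User Activity" detection step: flag stored recipe text
# that carries template delimiters together with dunder/attr chaining.
SSTI_MARKERS = re.compile(r"(\{\{|\{%).*?(__\w+__|\battr\s*\(|subclasses)", re.S)


def render_vulnerable(user_text: str) -> str:
    """Flawed pattern: user input becomes template source and is evaluated."""
    return Environment().from_string(user_text).render()


def render_hardened(user_text: str) -> str:
    """Fix: user input is a variable, never template source; autoescape on."""
    env = ImmutableSandboxedEnvironment(autoescape=True)
    return env.from_string(INSTRUCTION_TEMPLATE).render(instructions=user_text)


def render_sandbox_only(user_text: str) -> tuple[bool, str]:
    """Defence in depth on its own: the sandbox refuses dunder attribute walks
    but still evaluates user expressions, so it does not replace the fix."""
    try:
        return True, ImmutableSandboxedEnvironment().from_string(user_text).render()
    except TemplateError as exc:
        return False, f"{type(exc).__name__}: {exc}"


def flag_suspicious_instructions(user_text: str) -> bool:
    """True when stored instructions look like an SSTI attempt worth review."""
    return SSTI_MARKERS.search(user_text) is not None
```

The sandbox alone still evaluates `{{ 7*7 }}`, which is why the hardened function never compiles user text at all.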