May 8, 2025

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.

CVE Overview

In January 2025, a critical Server-Side Template Injection (SSTI) vulnerability was disclosed in Tandoor Recipes, an open-source meal planning and recipe management application. The flaw exists in versions prior to 1.5.24 and stems from user-supplied recipe content being rendered as a Jinja2 template rather than treated as data. It allows any authenticated user to execute arbitrary system commands on the server. In the project's provided Docker Compose setup the application process runs as root, so those commands execute with root privileges inside the application container, leading to full compromise of the application and its data.

  • CVE ID: CVE-2025-23211
  • Severity: Critical
  • CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
  • EPSS Score: 0.05%
  • Published: January 28, 2025
  • Affected Versions: <= 1.5.23
  • Patched Version: 1.5.24

Vulnerability Breakdown

The vulnerability arises from unsanitized user input being used directly as Jinja2 template source. Specifically, the text a user enters as recipe instructions is compiled and rendered by Jinja2 without validation, so an attacker can embed Jinja2 expressions that are evaluated on the server. Because Jinja2 expressions can walk Python's object hierarchy (for example from an empty tuple to object.__subclasses__() and on to subprocess.Popen), this is enough for arbitrary code execution on the server.

In the default Docker Compose deployment, the application runs as root. Exploiting the vulnerability in that environment therefore yields root inside the application container; whether that extends to the Docker host depends on the container's isolation (privileged mode, mounted host paths or the Docker socket), which the default setup does not grant on its own.

Exploitation

An attacker can craft a malicious payload using Jinja2 syntax and insert it into the recipe instructions. For example:

{{ ()|attr('__class__')|attr('__base__')|attr('__subclasses__')()|attr('__getitem__')(418)('whoami', shell=True, stdout=-1)|attr('communicate')()|attr('__getitem__')(0)|attr('decode')('utf-8') }}

When this recipe is viewed, the server executes the whoami command and renders its output in place of the expression. The chain starts from an empty tuple, climbs to object, lists its subclasses and picks subprocess.Popen by index; stdout=-1 is the numeric value of subprocess.PIPE, written that way because the template cannot import the module. The index (418 here) depends on the Python version and the modules the application has loaded, so an attacker has to enumerate __subclasses__() on the target first and adjust it. In the Docker Compose setup the command returns root, confirming command execution with elevated privileges.
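The following is an added example, not Tandoor's code or the project's fix: it places the vulnerable rendering pattern described in the breakdown next to two hardened alternatives, and runs the harmless prefix of the introspection chain above against each. The function names and the constructed inputs are assumptions for illustration; it requires the jinja2 package.

```python
# Added example (not Tandoor's code): the vulnerable pattern behind a Jinja2
# SSTI like CVE-2025-23211 next to two hardened alternatives.
from jinja2 import Environment, TemplateRuntimeError
from jinja2.sandbox import SandboxedEnvironment


def render_vulnerable(instructions: str) -> str:
    """Vulnerable: the user's text becomes the *template source*, so any
    {{ ... }} expression inside it is evaluated by Jinja2 on the server."""
    env = Environment()
    return env.from_string(instructions).render()


def render_as_data(instructions: str) -> str:
    """Fixed: the template is a fixed string and the user's text is passed
    in as a variable. Jinja2 never parses the user text, so '{{' stays
    literal. autoescape additionally neutralises HTML in the output."""
    env = Environment(autoescape=True)
    template = env.from_string("{{ instructions }}")
    return template.render(instructions=instructions)


def render_sandboxed(instructions: str) -> str:
    """Defence in depth for the case where user text genuinely must be
    evaluated as a template: the sandbox refuses dunder attribute access
    (also through the |attr filter), so the chain cannot reach
    object.__subclasses__(). Returns the rendered text, or 'BLOCKED' when
    the sandbox raises (SecurityError / UndefinedError are both
    TemplateRuntimeError subclasses)."""
    env = SandboxedEnvironment()
    try:
        return env.from_string(instructions).render()
    except TemplateRuntimeError:
        return "BLOCKED"


# Constructed inputs (assumed, not real recipe data): the classic SSTI
# probe, and the exploit chain cut off before it selects a subclass, so it
# only introspects and never executes a command.
PROBE = "{{ 7*7 }}"
INTROSPECT = "{{ ()|attr('__class__')|attr('__base__') }}"
SUBCLASSES = "{{ ()|attr('__class__')|attr('__base__')|attr('__subclasses__')() }}"


def demo() -> dict:
    """Run each renderer on the probes and collect what the user would see."""
    return {
        "vulnerable_probe": render_vulnerable(PROBE),          # "49": expression evaluated
        "vulnerable_introspect": render_vulnerable(INTROSPECT),  # "<class 'object'>"
        "data_probe": render_as_data(PROBE),                   # "{{ 7*7 }}": left as text
        "sandbox_introspect": render_sandboxed(INTROSPECT),    # "": unsafe attribute -> Undefined
        "sandbox_subclasses": render_sandboxed(SUBCLASSES),    # "BLOCKED": call on Undefined raises
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22s} -> {value!r}")
```

Treating the instructions as data (render_as_data) is the complete fix when the feature does not need templating at all. The sandbox is weaker: it stops this particular chain, but it silently renders an empty string for the two-step prefix instead of failing loudly, and any callable you expose to sandboxed templates becomes part of the attack surface, so keep the exposed names to a minimum and log sandbox exceptions.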

Impact

Successful exploitation allows attackers to:

  • Execute arbitrary system commands on the server
  • Gain root inside the application container in the default Docker Compose deployment
  • Compromise sensitive data and system integrity
  • Potentially pivot to other systems within the network

Detection

  1. Version Check: Verify the installed version of Tandoor Recipes. Versions <= 1.5.23 are vulnerable.
  2. Log Analysis: Inspect application logs for unusual template rendering errors or unexpected command outputs.
  3. File Monitoring: Monitor for unauthorized changes to system files or the presence of unexpected processes.
  4. User Activity: Review user actions for suspicious behavior, especially users creating or modifying recipes with unusual content.
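Steps 1 and 4 above can be scripted. The following is an added example, not part of the original post or of Tandoor: a version check against the patched release and a classifier for recipe step text exported from the database or request logs. The record layout and the sample steps are constructed for illustration. Template syntax on its own may be legitimate use of the application's templating, so the classifier separates it from the introspection markers that appear in sandbox-escape chains.

```python
# Added example (not Tandoor's code): detection steps 1 and 4 as runnable checks.
import re

PATCHED_VERSION = (1, 5, 24)


def parse_version(text: str) -> tuple:
    """'1.5.23' -> (1, 5, 23). Tolerates a leading 'v' and a suffix such as
    '-beta' by keeping only the leading dotted numeric components."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable_version(text: str) -> bool:
    """Step 1: every release below 1.5.24 is affected (tuple comparison)."""
    return parse_version(text) < PATCHED_VERSION


# Step 4: content review of recipe steps.
TEMPLATE_SYNTAX = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.DOTALL)
ESCAPE_MARKERS = re.compile(
    r"__\w+__"                 # dunder attributes: __class__, __subclasses__, ...
    r"|\|\s*attr\s*\("         # the attr filter used to smuggle dunders past naive filters
    r"|subprocess|\bos\."      # direct references to command-execution modules
    r"|__import__|\bpopen\b|shell\s*=\s*True",
    re.IGNORECASE,
)


def classify_step(text: str) -> str:
    """'clean'     : no Jinja2 syntax at all
       'template'  : Jinja2 syntax present (may be legitimate; review)
       'escape'    : Jinja2 syntax plus introspection/command markers (escalate)"""
    if not TEMPLATE_SYNTAX.search(text):
        return "clean"
    if ESCAPE_MARKERS.search(text):
        return "escape"
    return "template"


def review_steps(records: list) -> list:
    """records: dicts with 'user', 'recipe' and 'text', as a DB export or
    request log would give. Returns the non-clean ones, worst first."""
    order = {"escape": 0, "template": 1}
    hits = [dict(r, verdict=classify_step(r["text"])) for r in records]
    hits = [h for h in hits if h["verdict"] != "clean"]
    hits.sort(key=lambda h: order[h["verdict"]])
    return hits


# Constructed sample records (assumed layout, not real Tandoor data).
SAMPLE_STEPS = [
    {"user": "alice", "recipe": 12, "text": "Whisk the eggs for 2 minutes."},
    {"user": "bob", "recipe": 13, "text": "Preheat to {{ 7*7 }} degrees"},
    {"user": "mallory", "recipe": 14,
     "text": "{{ ()|attr('__class__')|attr('__base__')|attr('__subclasses__')() }}"},
]


if __name__ == "__main__":
    for v in ("1.5.23", "1.5.24", "v1.6.0"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "patched")
    for hit in review_steps(SAMPLE_STEPS):
        print(hit["verdict"], hit["user"], hit["recipe"], hit["text"][:60])
```

Run the review against step text as stored, not as rendered: a rendered page shows the command output, while the stored step still contains the template expression that identifies the author.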

Mitigation

  • Immediate Action: Upgrade to Tandoor Recipes version 1.5.24 or later, which includes the necessary patch.
  • Input Validation: Implement strict input validation and sanitization to prevent injection of malicious content.
  • Least Privilege: Avoid running applications with root privileges. Configure Docker containers to run as non-root users.
  • Security Monitoring: Set up intrusion detection systems to monitor for anomalous activities.
