CVE-2025-23211 Overview
CVE-2025-23211 is a critical Server-Side Template Injection (SSTI) vulnerability in Tandoor Recipes, a popular open-source application for managing recipes, planning meals, and building shopping lists. The vulnerability exists in the Jinja2 template processing functionality, allowing any authenticated user to execute arbitrary commands on the server. When deployed using the provided Docker Compose configuration, this can result in command execution with root privileges.
Critical Impact
Any authenticated user can achieve remote code execution on the server, potentially gaining root access when using the default Docker Compose deployment configuration.
Affected Products
- Tandoor Recipes versions prior to 1.5.24
- Docker Compose deployments running vulnerable versions (with potential root-level access)
- Self-hosted Tandoor Recipes instances
Discovery Timeline
- 2025-01-28 - CVE-2025-23211 published to NVD
- 2025-05-08 - Last updated in NVD database
Technical Details for CVE-2025-23211
Vulnerability Analysis
This vulnerability is a Server-Side Template Injection (SSTI) flaw in Tandoor Recipes' Jinja2 template processing engine. Jinja2 is a widely used Python templating engine, and when user-controlled input is rendered directly as a template without proper sanitization, attackers can inject template directives that execute arbitrary Python code on the server.
The vulnerable code resides in the template_helper.py file within the cookbook helper module. When processing recipe data or user input through the template engine, the application fails to properly sanitize or sandbox the template rendering context, allowing injection of Jinja2 expressions that can escape the template sandbox and execute system commands.
The impact is particularly severe in Docker deployments using the provided Docker Compose configuration, where the application container runs as root. This means successful exploitation grants the attacker root-level command execution within the container, potentially leading to container escape, lateral movement, or complete system compromise.
Root Cause
The root cause of CVE-2025-23211 is improper handling of user-supplied input within the Jinja2 template rendering process. The application directly incorporates user-controlled data into template expressions without implementing proper sandboxing or input validation. This allows attackers to inject template syntax that accesses Python's object introspection capabilities to reach dangerous classes and execute arbitrary code.
The vulnerable code path can be traced to the template helper functionality at line 95 in cookbook/helper/template_helper.py, where user input is processed through the Jinja2 engine without adequate protection mechanisms.
Attack Vector
The attack requires network access and low-privilege authentication to the Tandoor Recipes application. Once authenticated, an attacker can craft malicious input containing Jinja2 template injection payloads. Common SSTI attack patterns leverage Python's object model to traverse from safe objects to dangerous built-in functions, ultimately achieving command execution.
Typical exploitation involves injecting Jinja2 expressions that access the __class__, __mro__, __subclasses__, and __globals__ attributes to navigate Python's object hierarchy and locate modules capable of executing system commands, such as os.popen() or subprocess.Popen().
The vulnerability can be exploited by any authenticated user, meaning even users with minimal privileges can escalate to full server control. For detailed technical information, refer to the GitHub Security Advisory GHSA-r6rj-h75w-vj8v.
Detection Methods for CVE-2025-23211
Indicators of Compromise
- Unusual Jinja2 template syntax in user-submitted recipe data or form fields containing strings like {{, {%, __class__, __mro__, or __subclasses__
- Unexpected process execution originating from the Tandoor Recipes application container
- Server logs showing template rendering errors with Python object attribute access patterns
- Outbound network connections from the application container to external command-and-control infrastructure
Detection Strategies
- Monitor application logs for suspicious template syntax patterns including __class__, __mro__, __subclasses__, and __globals__ attribute chains
- Implement Web Application Firewall (WAF) rules to detect and block common SSTI payloads in HTTP requests
- Deploy container runtime security to detect anomalous command execution within the Tandoor Recipes container
- Review user-submitted content for template injection indicators using automated scanning tools
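The log and content review described in the Indicators of Compromise and Detection Strategies lists above, as an added example that is not the advisory's or Tandoor's own code; it URL-decodes each input before matching so an encoded payload in a query string is not missed, and all sample inputs are constructed:

```python
# Added example (not Tandoor's or the advisory's own code): scans submitted
# text and access-log lines for the SSTI indicators listed above. All sample
# inputs are constructed; adapt the log handling to your own format.
import re
from urllib.parse import unquote_plus

# Indicator patterns: Jinja2 delimiters, the introspection attribute chain,
# and the command-execution helpers named in the advisory.
SSTI_PATTERNS = {
    "jinja_delimiters": re.compile(r"\{\{|\{%"),
    "dunder_chain": re.compile(r"__(?:class|mro|subclasses|globals)__"),
    "command_helper": re.compile(r"\b(?:os\.popen|subprocess\.Popen)\b"),
}


def find_ssti_indicators(text: str) -> list:
    """Return the names of the patterns matching `text`. The text is
    URL-decoded first so payloads in query strings are not missed."""
    decoded = unquote_plus(text)
    return [name for name, rx in SSTI_PATTERNS.items() if rx.search(decoded)]


def triage(text: str) -> str:
    """Delimiters alone can be a legitimate template feature, so they only
    rate 'review'; introspection or command helpers rate 'alert'."""
    hits = find_ssti_indicators(text)
    if "dunder_chain" in hits or "command_helper" in hits:
        return "alert"
    return "review" if hits else "clean"


# Constructed samples: a plain recipe step, a benign expression, a probe typed
# straight into a field, and the same probe URL-encoded in an access-log line.
SAMPLES = [
    "Bake at 180 C for 25 minutes.",
    "Use {{ servings * 2 }} cups of flour.",
    "{{ ''.__class__.__mro__ }}",
    '10.0.0.5 - alice [28/Jan/2025:10:00:00 +0000] "GET /search/?query='
    '%7B%7B+%27%27.__class__.__mro__+%7D%7D HTTP/1.1" 200 512',
]


def triage_all(samples=SAMPLES) -> list:
    """Verdict for each sample, in order."""
    return [triage(s) for s in samples]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, triage_all()):
        print(f"{verdict:6} {sample[:60]}")
```

Run the scanner over exported recipe fields or a web-server access log and route "alert" verdicts to the incident process; "review" hits only need a human look.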
Monitoring Recommendations
- Enable verbose logging in Tandoor Recipes and review logs for template rendering anomalies
- Implement network monitoring to detect unexpected outbound connections from the application container
- Configure host-based intrusion detection systems (HIDS) to alert on suspicious process spawning from Python/Django processes
- Set up file integrity monitoring on critical system files within the container environment
How to Mitigate CVE-2025-23211
Immediate Actions Required
- Upgrade Tandoor Recipes to version 1.5.24 or later immediately
- If immediate upgrade is not possible, restrict access to authenticated users and review user permissions
- Audit existing user accounts and remove any unauthorized or unnecessary accounts
- Review server logs for signs of prior exploitation attempts
Patch Information
The vulnerability has been fixed in Tandoor Recipes version 1.5.24. The security patch addresses the SSTI vulnerability by implementing proper input sanitization and template sandbox restrictions. The fix can be reviewed in the GitHub Commit Update. Organizations should upgrade to version 1.5.24 or the latest available release as soon as possible.
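The unsandboxed rendering described under Root Cause beside the sandboxed form the patch section refers to, as an added example that is not Tandoor's code or the actual fix; it uses Jinja2's own `SandboxedEnvironment`, and the template strings and recipe context are constructed:

```python
# Added example (not Tandoor's code or the actual patch): a plain Jinja2
# Environment beside a SandboxedEnvironment. Templates and context are constructed.
from jinja2 import Environment
from jinja2.sandbox import SandboxedEnvironment, SecurityError

# Constructed context of the kind a recipe template might receive.
RECIPE_CONTEXT = {"servings": 4, "ingredient": "flour"}

BENIGN = "Use {{ servings * 2 }} cups of {{ ingredient }}."
# Introspection probe of the shape described in the Attack Vector section.
PROBE = "{{ ''.__class__.__mro__ }}"


def render_unsafe(template: str) -> str:
    """Plain Environment: any attribute reachable from a context value,
    including dunder attributes, is exposed to the template."""
    return Environment(autoescape=True).from_string(template).render(**RECIPE_CONTEXT)


def render_sandboxed(template: str) -> str:
    """SandboxedEnvironment: attributes starting with '_' are refused.
    A lone '__class__' renders as empty; chaining into it raises SecurityError."""
    env = SandboxedEnvironment(autoescape=True)
    return env.from_string(template).render(**RECIPE_CONTEXT)


def safe_render(template: str) -> str:
    """Hardened helper: return the rendering, or a neutral marker instead of a
    traceback that would echo object internals back to the user."""
    try:
        return render_sandboxed(template)
    except SecurityError:
        return "[template rejected]"


if __name__ == "__main__":
    print(render_unsafe(BENIGN))   # Use 8 cups of flour.
    print(render_unsafe(PROBE))    # leaks the str/object class hierarchy
    print(safe_render(BENIGN))     # Use 8 cups of flour.
    print(safe_render(PROBE))      # [template rejected]
```

The sandbox is a second line of defence: user-supplied text should still be validated before it reaches any template engine.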
Workarounds
- Place the Tandoor Recipes application behind a reverse proxy with request filtering to block common SSTI payloads
- Restrict network access to the application to trusted IP addresses only using firewall rules
- Run the Docker container with a non-root user by modifying the Docker Compose configuration
- Implement additional authentication layers (e.g., VPN, SSO) to limit exposure while awaiting the patch deployment
# Run the container as a non-root user (add under the application service in docker-compose.yml;
# the UID:GID is an example and must own the mounted volumes)
user: "1000:1000"
# Restrict container capabilities
security_opt:
  - no-new-privileges:true
cap_drop:
  - ALL
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.