CVE-2025-27516 - Vulnerability Details

Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Redhat	Ansible Automation Platform Enterprise Linux Openshift Openstack Rhdh Rhel Aus Rhel E4s Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Ansible Automation Platform Execution Environments
ansible-automation-platform/ee-minimal-rhel8:2.16.14-11	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2025:2664	2025-03-11T00:00:00Z
ansible-automation-platform/ee-minimal-rhel9:2.17.9-4	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2025:2664	2025-03-11T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 8
automation-controller-0:4.5.20-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.4::el8	RHSA-2025:3123	2025-03-24T00:00:00Z
python3x-jinja2-0:3.1.6-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.4::el8	RHSA-2025:3123	2025-03-24T00:00:00Z
ansible-automation-platform-24/lightspeed-rhel8:2.4.250225-5	cpe:/a:redhat:ansible_automation_platform:2.4::el8	RHSA-2025:3124	2025-03-24T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 9
automation-controller-0:4.5.20-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.4::el9	RHSA-2025:3123	2025-03-24T00:00:00Z
python-jinja2-0:3.1.6-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.4::el9	RHSA-2025:3123	2025-03-24T00:00:00Z
Red Hat Ansible Automation Platform 2.5 for RHEL 8
automation-controller-0:4.6.10-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.5::el8	RHSA-2025:3160	2025-03-25T00:00:00Z
python3.11-jinja2-0:3.1.6-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.5::el8	RHSA-2025:3160	2025-03-25T00:00:00Z
ansible-automation-platform-25/lightspeed-rhel8:2.5.250318-2	cpe:/a:redhat:ansible_automation_platform:2.5::el8	RHSA-2025:3162	2025-03-25T00:00:00Z
Red Hat Ansible Automation Platform 2.5 for RHEL 9
automation-controller-0:4.6.10-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.5::el9	RHSA-2025:3160	2025-03-25T00:00:00Z
python3.11-jinja2-0:3.1.6-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.5::el9	RHSA-2025:3160	2025-03-25T00:00:00Z
Red Hat Enterprise Linux 8
python-jinja2-0:2.10.1-7.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:3388	2025-03-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
python-jinja2-0:2.10.1-2.el8_2.4	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:3671	2025-04-08T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
python-jinja2-0:2.10.1-2.el8_4.2	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:3562	2025-04-03T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
python-jinja2-0:2.10.1-2.el8_4.2	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:3562	2025-04-03T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
python-jinja2-0:2.10.1-2.el8_4.2	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:3562	2025-04-03T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
python-jinja2-0:2.10.1-4.el8_6.2	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:3622	2025-04-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
python-jinja2-0:2.10.1-4.el8_6.2	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:3622	2025-04-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
python-jinja2-0:2.10.1-4.el8_6.2	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:3622	2025-04-07T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
python-jinja2-0:2.10.1-5.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:3580	2025-04-03T00:00:00Z
Red Hat Enterprise Linux 9
fence-agents-0:4.10.0-76.el9_5.6	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:3113	2025-03-24T00:00:00Z
python-jinja2-0:2.11.3-8.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:3406	2025-03-31T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
fence-agents-0:4.10.0-20.el9_0.21	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:3017	2025-03-18T00:00:00Z
python-jinja2-0:2.11.3-5.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:3588	2025-04-03T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
fence-agents-0:4.10.0-43.el9_2.12	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:3111	2025-03-24T00:00:00Z
python-jinja2-0:2.11.3-5.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:3585	2025-04-03T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
fence-agents-0:4.10.0-62.el9_4.11	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:2688	2025-03-12T00:00:00Z
python-jinja2-0:2.11.3-7.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:3586	2025-04-03T00:00:00Z
Red Hat OpenShift Container Platform 4.14
openshift4/ose-ansible-operator:v4.14.0-202503310335.p0.g0ad973f.assembly.stream.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2025:3568	2025-04-09T00:00:00Z
Red Hat OpenStack Platform 17.1 for RHEL 9
openstack-ansible-core-0:2.14.2-4.7.el9ost	cpe:/a:redhat:openstack:17.1::el9	RHSA-2025:3371	2025-03-27T00:00:00Z
Red Hat Developer Hub (RHDH) 1.4
registry.redhat.io/rhdh/rhdh-hub-rhel9:sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a	cpe:/a:redhat:rhdh:1.4::el9	RHSA-2025:3595	2025-04-03T00:00:00Z
Red Hat Developer Hub (RHDH) 1.5
registry.redhat.io/rhdh/rhdh-hub-rhel9:sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665	cpe:/a:redhat:rhdh:1.5::el9	RHSA-2025:3374	2025-03-27T00:00:00Z

References

Link	Providers
https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
https://nvd.nist.gov/vuln/detail/CVE-2025-27516
https://www.cve.org/CVERecord?id=CVE-2025-27516

History

Wed, 09 Apr 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift
CPEs		cpe:/a:redhat:openshift:4.14::el8
Vendors & Products		Redhat openshift

Tue, 08 Apr 2025 15:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.2

Mon, 07 Apr 2025 15:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_tus:8.6

Fri, 04 Apr 2025 03:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Tus
CPEs		cpe:/a:redhat:rhdh:1.4::el9 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_tus:8.4
Vendors & Products		Redhat rhel Aus Redhat rhel Tus

Wed, 02 Apr 2025 03:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhdh
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:rhdh:1.5::el9
Vendors & Products		Redhat rhdh

Fri, 28 Mar 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openstack
CPEs		cpe:/a:redhat:openstack:17.1::el9
Vendors & Products		Redhat openstack

Wed, 26 Mar 2025 03:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform:2.5::el9

Tue, 25 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux
CPEs		cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_eus:9.2
Vendors & Products		Redhat enterprise Linux

Wed, 19 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s
CPEs		cpe:/a:redhat:rhel_e4s:9.0
Vendors & Products		Redhat rhel E4s

Thu, 13 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4
Vendors & Products		Redhat rhel Eus

Wed, 12 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat ansible Automation Platform
CPEs		cpe:/a:redhat:ansible_automation_platform:ee::el8
Vendors & Products		Redhat Redhat ansible Automation Platform

Thu, 06 Mar 2025 14:00:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-27516 https://www.cve.org/CVERecord?id=CVE-2025-27516
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Wed, 05 Mar 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 05 Mar 2025 21:00:00 +0000

Type	Values Removed	Values Added
Description		Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the \|attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the \|attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the \|attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.
Title		Jinja sandbox breakout through attr filter selecting format method
Weaknesses		CWE-1336
References		https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403 https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
Metrics		cvssV4_0 `{'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-03-05T20:40:06.568Z

Updated: 2025-03-05T20:53:46.111Z

Reserved: 2025-02-26T18:11:52.307Z

Link: CVE-2025-27516

Vulnrichment

Updated: 2025-03-05T20:53:36.247Z

NVD

Status : Received

Published: 2025-03-05T21:15:20.073

Modified: 2025-03-05T21:15:20.073

Link: CVE-2025-27516

Redhat

Severity : Important

Publid Date: 2025-03-05T20:40:06Z

Links: CVE-2025-27516 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27516", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-02-26T18:11:52.307Z", "datePublished": "2025-03-05T20:40:06.568Z", "dateUpdated": "2025-03-05T20:53:46.111Z"}, "containers": {"cna": {"title": "Jinja sandbox breakout through attr filter selecting format method", "problemTypes": [{"descriptions": [{"cweId": "CWE-1336", "lang": "en", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7"}, {"name": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403", "tags": ["x_refsource_MISC"], "url": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"}], "affected": [{"vendor": "pallets", "product": "jinja", "versions": [{"version": "< 3.1.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-03-05T20:40:06.568Z"}, "descriptions": [{"lang": "en", "value": "Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6."}], "source": {"advisory": "GHSA-cpwx-vrp4-4pq7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-05T20:53:09.195449Z", "id": "CVE-2025-27516", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-05T20:53:46.111Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27516", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-05T20:53:09.195449Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-05T20:53:36.247Z"}}], "cna": {"title": "Jinja sandbox breakout through attr filter selecting format method", "source": {"advisory": "GHSA-cpwx-vrp4-4pq7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "pallets", "product": "jinja", "versions": [{"status": "affected", "version": "< 3.1.6"}]}], "references": [{"url": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7", "name": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403", "name": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-03-05T20:40:06.568Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27516", "state": "PUBLISHED", "dateUpdated": "2025-03-05T20:53:46.111Z", "dateReserved": "2025-02-26T18:11:52.307Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-03-05T20:40:06.568Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6."}], "id": "CVE-2025-27516", "lastModified": "2025-03-05T21:15:20.073", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-03-05T21:15:20.073", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"}, {"source": "security-advisories@github.com", "url": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1336"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:2664", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ee-minimal-rhel8:2.16.14-11", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2664", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ee-minimal-rhel9:2.17.9-4", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:3123", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "automation-controller-0:4.5.20-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2025-03-24T00:00:00Z"}, {"advisory": "RHSA-2025:3123", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "python3x-jinja2-0:3.1.6-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2025-03-24T00:00:00Z"}, {"advisory": "RHSA-2025:3124", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/lightspeed-rhel8:2.4.250225-5", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2025-03-24T00:00:00Z"}, {"advisory": "RHSA-2025:3123", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "automation-controller-0:4.5.20-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2025-03-24T00:00:00Z"}, {"advisory": "RHSA-2025:3123", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "python-jinja2-0:3.1.6-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2025-03-24T00:00:00Z"}, {"advisory": "RHSA-2025:3160", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "automation-controller-0:4.6.10-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-03-25T00:00:00Z"}, {"advisory": "RHSA-2025:3160", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "python3.11-jinja2-0:3.1.6-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-03-25T00:00:00Z"}, {"advisory": "RHSA-2025:3162", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/lightspeed-rhel8:2.5.250318-2", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-03-25T00:00:00Z"}, {"advisory": "RHSA-2025:3160", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "automation-controller-0:4.6.10-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2025-03-25T00:00:00Z"}, {"advisory": "RHSA-2025:3160", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "python3.11-jinja2-0:3.1.6-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2025-03-25T00:00:00Z"}, {"advisory": "RHSA-2025:3388", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python-jinja2-0:2.10.1-7.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3671", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "python-jinja2-0:2.10.1-2.el8_2.4", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-04-08T00:00:00Z"}, {"advisory": "RHSA-2025:3562", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "python-jinja2-0:2.10.1-2.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3562", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "python-jinja2-0:2.10.1-2.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3562", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "python-jinja2-0:2.10.1-2.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3622", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "python-jinja2-0:2.10.1-4.el8_6.2", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3622", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "python-jinja2-0:2.10.1-4.el8_6.2", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3622", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "python-jinja2-0:2.10.1-4.el8_6.2", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3580", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "python-jinja2-0:2.10.1-5.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3113", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "fence-agents-0:4.10.0-76.el9_5.6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-24T00:00:00Z"}, {"advisory": "RHSA-2025:3406", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python-jinja2-0:2.11.3-8.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3017", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "fence-agents-0:4.10.0-20.el9_0.21", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-03-18T00:00:00Z"}, {"advisory": "RHSA-2025:3588", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "python-jinja2-0:2.11.3-5.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3111", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "fence-agents-0:4.10.0-43.el9_2.12", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-03-24T00:00:00Z"}, {"advisory": "RHSA-2025:3585", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "python-jinja2-0:2.11.3-5.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:2688", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "fence-agents-0:4.10.0-62.el9_4.11", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-03-12T00:00:00Z"}, {"advisory": "RHSA-2025:3586", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "python-jinja2-0:2.11.3-7.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3568", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-ansible-operator:v4.14.0-202503310335.p0.g0ad973f.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2025-04-09T00:00:00Z"}, {"advisory": "RHSA-2025:3371", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "openstack-ansible-core-0:2.14.2-4.7.el9ost", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3595", "cpe": "cpe:/a:redhat:rhdh:1.4::el9", "package": "registry.redhat.io/rhdh/rhdh-hub-rhel9:sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a", "product_name": "Red Hat Developer Hub (RHDH) 1.4", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3374", "cpe": "cpe:/a:redhat:rhdh:1.5::el9", "package": "registry.redhat.io/rhdh/rhdh-hub-rhel9:sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665", "product_name": "Red Hat Developer Hub (RHDH) 1.5", "release_date": "2025-03-27T00:00:00Z"}], "bugzilla": {"description": "jinja2: Jinja sandbox breakout through attr filter selecting format method", "id": "2350190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350190"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-1336", "details": ["Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.", "A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to use the `|attr` filter to get a reference to a string's plain format method, bypassing the sandbox."], "name": "CVE-2025-27516", "package_state": [{"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Affected", "package_name": "openshift-serverless-1/kn-eventing-istio-controller-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/ee-dellemc-openmanage-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:discovery:1", "fix_state": "Not affected", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "rhel9/keylime-registrar", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "rhel9/keylime-verifier", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-aws-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-azure-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-azure-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-gcp-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-ibm-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/docling-serve-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/instructlab-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/instructlab-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/instructlab-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/ui-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-ml-pipelines-api-server-v2-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-ml-pipelines-driver-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-ml-pipelines-launcher-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-model-registry-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/cnf-tests-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-olm-operator-controller-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-ovn-kubernetes", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-ovn-kubernetes-microshift-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ztp-site-generate-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "ose-ovn-kubernetes-base-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2025-03-05T20:40:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-27516\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-27516\nhttps://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\nhttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7"], "statement": "This vulnerability is rated as important severity due to the potential for an attacker to bypass Jinja's sandbox by exploiting the |attr filter, by controlling template content, an attacker can execute arbitrary Python code, impacting the integrity, confidentiality, and availability of the system. While the attack requires user interaction to trigger untrusted templates, the risk is significant in applications that allow such templates to be executed.", "threat_severity": "Important"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object