CVE-2025-6518

· Published 23/06/2025 19:15 · Modified 23/06/2025 20:16

Labels: CVE-2025-6518, 2025-06-23, CWE-791, [email protected]

Essential information

Published: 23/06/2025 19:15
Modified: 23/06/2025 20:16
Author:
Creator:
CVSS: 5.3 MEDIUM (v3), 5.3 MEDIUM (v4.0)
CISA KEV: No
CWE:
CVSS vector:

CVSS metrics

Description

A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]

Affected products (CPE)

Product: pyspur-dev / pyspur
CPE: cpe:2.3:a:pyspur-dev:pyspur:<0.1.18:*:*:*:*:*:*:*

References