{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3804", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-04-18T14:21:22.611Z", "datePublished": "2025-04-19T15:31:04.195Z", "dateUpdated": "2025-04-21T11:28:31.903Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-21T11:28:31.903Z"}, "title": "thautwarm vscode-diana Jinja2 Template Gen.py injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-707", "lang": "en", "description": "Improper Neutralization"}]}], "affected": [{"vendor": "thautwarm", "product": "vscode-diana", "versions": [{"version": "0.0.1", "status": "affected"}], "modules": ["Jinja2 Template Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Es wurde eine kritische Schwachstelle in thautwarm vscode-diana 0.0.1 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei Gen.py der Komponente Jinja2 Template Handler. Dank Manipulation mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2025-04-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-04-18T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-04-21T13:30:37.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "ybdesire (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "ybdesire (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.305658", "name": "VDB-305658 | thautwarm vscode-diana Jinja2 Template Gen.py injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.305658", "name": "VDB-305658 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.554779", "name": "Submit #554779 | thautwarm vscode-diana 0.0.1 Improper Neutralization of Special Elements Used in a Template E", "tags": ["third-party-advisory"]}, {"url": "https://github.com/thautwarm/vscode-diana/issues/1", "tags": ["issue-tracking"]}, {"url": "https://github.com/thautwarm/vscode-diana/issues/1#issue-2982880456", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T02:31:18.842158Z", "id": "CVE-2025-3804", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T02:31:59.595Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3804", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-21T02:31:18.842158Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T02:31:54.764Z"}}], "cna": {"title": "thautwarm vscode-diana Jinja2 Template Gen.py injection", "credits": [{"lang": "en", "type": "reporter", "value": "ybdesire (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "affected": [{"vendor": "thautwarm", "modules": ["Jinja2 Template Handler"], "product": "vscode-diana", "versions": [{"status": "affected", "version": "0.0.1"}]}], "timeline": [{"lang": "en", "time": "2025-04-18T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-04-18T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-04-18T16:26:33.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.305658", "name": "VDB-305658 | thautwarm vscode-diana Jinja2 Template Gen.py injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.305658", "name": "VDB-305658 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.554779", "name": "Submit #554779 | thautwarm vscode-diana 0.0.1 Improper Neutralization of Special Elements Used in a Template E", "tags": ["third-party-advisory"]}, {"url": "https://github.com/thautwarm/vscode-diana/issues/1", "tags": ["issue-tracking"]}, {"url": "https://github.com/thautwarm/vscode-diana/issues/1#issue-2982880456", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Es wurde eine kritische Schwachstelle in thautwarm vscode-diana 0.0.1 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei Gen.py der Komponente Jinja2 Template Handler. Dank Manipulation mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-707", "description": "Improper Neutralization"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-19T15:31:04.195Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3804", "state": "PUBLISHED", "dateUpdated": "2025-04-21T02:31:59.595Z", "dateReserved": "2025-04-18T14:21:22.611Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-04-19T15:31:04.195Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad cr\u00edtica en thautwarm vscode-diana 0.0.1. Se ve afectada una funci\u00f3n desconocida del archivo Gen.py del componente Jinja2 Template Handler. La manipulaci\u00f3n provoca una inyecci\u00f3n. Es necesario atacar localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "id": "CVE-2025-3804", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-04-19T16:15:14.250", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/thautwarm/vscode-diana/issues/1"}, {"source": "cna@vuldb.com", "url": "https://github.com/thautwarm/vscode-diana/issues/1#issue-2982880456"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.305658"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.305658"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.554779"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-707"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{}