CVE-2025-3805 – Jinja2 Template Handler Local File Injection Vulnerability in Sarrionandia Tournatrack

April 20, 2025

CVE ID : CVE-2025-3805

Published : April 19, 2025, 4:15 p.m. | 12 hours, 38 minutes ago

Description : A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file check_id.py of the component Jinja2 Template Handler. The manipulation of the argument ID leads to injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleWindows 11 File Explorer gets better theme accent support, progress bar looks darker

Next Article CVE-2025-3804 – Thautwarm VSCode-Diana Jinja2 Template Handler Injection Vulnerability

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

DistroWatch Weekly, Issue 1131

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

WhatsApp for Windows 11 is switching back to Chromium web wrapper from UWP/native

DistroWatch Weekly, Issue 1131

CVE-2025-3805 – Jinja2 Template Handler Local File Injection Vulnerability in Sarrionandia Tournatrack

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Anthropic’s Claude Code gets new analytics dashboard to provide insights into how teams are using AI tooling

CVE-2025-53382 – Apache HTTP Server Cross-Site Request Forgery

NVIDIA’s most affordable RTX 50-series GPU is here for laptops, and it’s coming to desktops in July — just don’t expect any reviews

Gemini in Google Workspace: Your New AI-Powered Collaborator

Critical Linux Kernel Vulnerability Exposes Systems to Privilege Escalation Attacks

Perplexity joins high-powered, high-priced AI race – here’s everything ‘Max’ includes

Google Releases 76-Page Whitepaper on AI Agents: A Deep Technical Dive into Agentic RAG, Evaluation Frameworks, and Real-World Architectures

CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

CVE-2025-3805 – Jinja2 Template Handler Local File Injection Vulnerability in Sarrionandia Tournatrack

Related Posts