CVE-2025-3841
low-risk
Published 2025-04-21
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Do I need to act?
-
0.15% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10
Low
LOCAL
/ LOW complexity
Affected Products (1)
Jam
Affected Vendors
References (5)
Permissions Required
https://vuldb.com/?ctiid.305769
Third Party Advisory
https://vuldb.com/?id.305769
Third Party Advisory
https://vuldb.com/?submit.555905
19
/ 100
low-risk
Severity
13/34 · Low
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal