CVE-2025-25362 Information

Description

A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field.

Reference

https://github.com/explosion/spacy-llm/issues/492