CVE-2025-1087
9.3 Critical
Published:
Last updated:
Source: 02762ae7-200e-4b20-9b2b-a77d5b8fc4cb
Deferred
Weakness (CWE)
CVSS Vector (v4.0)
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: Active
- Confidentiality (Vulnerable): High
- Integrity (Vulnerable): High
- Availability (Vulnerable): Low
- Confidentiality (Subsequent): High
- Integrity (Subsequent): High
- Availability (Subsequent): Low
Description
Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.
References
02762ae7-200e-4b20-9b2b-a77d5b8fc4cb
https://github.com/Kong/insomnia
af854a3a-2127-422b-91ae-364da2661108
https://tantosec.com/blog/2025/06/insomnia-api-client-template-injection/