Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3841

A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Published

2025-04-21T20:15:19.487

Last Modified

2025-06-23T13:06:18.607

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.1

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-791
CWE-1336
Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wix	jam	< 2018-03-27	Yes

References

https://github.com/wix-incubator/jam/issues/1 Exploit, Issue Tracking, Vendor Advisory ([email protected])
https://vuldb.com/?ctiid.305769 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.305769 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.555905 Third Party Advisory, VDB Entry ([email protected])
https://github.com/wix-incubator/jam/issues/1 Exploit, Issue Tracking, Vendor Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)