How severe is CVE-2025-26865?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2025-26865?

This is classified as CWE-1336, which is a common weakness in software security.

CVE-2025-26865 - LOW Severity | CVSS 3.5

Vulnerability Description

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18. In case you use something like that, which is not recommended! For security, only official releases should be used. In other words, if you use 18.12.17 you are still safe. The version 18.12.17 is not a affected. But something between 18.12.17 and 18.12.18 is. In that case, users are recommended to upgrade to version 18.12.18, which fixes the issue.

Related Vulnerabilities

CVE-2024-35191

MEDIUM

CVSS:4.4(Medium)

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Tit...

CWE-13362024

CVE-2025-23376

MEDIUM

CVSS:4.4(Medium)

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker ...

CWE-13362025

CVE-2022-27662

MEDIUM

CVSS:4.8(Medium)

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration ...

CWE-13362022

CVE-2022-0323

MEDIUM

CVSS:5.3(Medium)

Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.

CWE-13362022

CVE-2023-6709

CRITICAL

CVSS:10.0(Critical)

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.

CWE-13362023

CVE-2024-32651

CRITICAL

CVSS:10.0(Critical)

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote...

CWE-13362024