Template Injection Vulnerability in Kong Insomnia Desktop Application
CVE-2025-1087

9.3CRITICAL

Key Information:

Vendor: Kong Inc.
Status: Insomnia
Vendor: CVE Published:; 9 May 2025

What is CVE-2025-1087?

The Kong Insomnia Desktop Application prior to version 11.0.2 is vulnerable to a template injection flaw that stems from inadequate validation of user-provided input during the processing of template strings. This oversight can be exploited by attackers, allowing them to execute arbitrary JavaScript code within the context of the application, posing significant security risks to users.

Affected Version(s)

Insomnia Windows <= 11.0.2

References

https://github.com/Kong/insomnia

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
Feb 6, 2025

Kong Inc.

What is CVE-2025-1087?

Affected Version(s)

References

CVSS V4

Timeline