File Upload Vulnerability in Tandoor Recipes Application by Tandoor
CVE-2025-23213

5.4MEDIUM

Key Information:

Vendor: Tandoorrecipes
Status: Recipes
Vendor: CVE Published:; 28 January 2025

🔔 Create Tandoorrecipes Vulnerability Alert

What is CVE-2025-23213?

The Tandoor Recipes application, which is designed for managing recipes and meal planning, suffers from a security flaw that permits users to upload arbitrary files. This flaw specifically affects the file upload feature, allowing potentially harmful HTML and SVG files to be uploaded, which may contain executable XSS payloads. The risk associated with this vulnerability has been addressed in version 1.5.28, thus it is critical for users to update to this version to mitigate the threat posed by malicious file uploads.

Affected Version(s)

recipes < 1.5.28

References

https://github.com/TandoorRecipes/recipes/security/adviso...

x_refsource_CONFIRM

https://github.com/TandoorRecipes/recipes/commit/3e37d11c...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jan 13, 2025

CVE-2025-23213 Data

JSON