A high-severity vulnerability has been identified in multiple FelixRiddle products utilizing the dev-jobs-handlebars component. This flaw could allow a remote, unauthenticated attacker to execute arbitrary code on affected systems. Successful exploitation could lead to a complete system compromise, resulting in data theft, service disruption, and further network intrusion.

The vulnerability is a Server-Side Template Injection (SSTI) flaw within the dev-jobs-handlebars component. The application improperly handles user-supplied input when rendering server-side templates, allowing an attacker to inject malicious template directives. By crafting a specific payload and submitting it to an exposed input field, an attacker can escape the template sandbox and execute arbitrary commands with the permissions of the web server process, leading to Remote Code Execution (RCE).

This vulnerability is rated as High severity with a CVSS score of 8.2. A successful exploit could have a significant negative impact on the business. An attacker could gain unauthorized access to sensitive corporate or customer data, deploy malware such as ransomware, or use the compromised server as a pivot point to attack other systems within the internal network. Potential consequences include major data breaches, financial loss, operational downtime, and severe reputational damage.

Immediate Action: The primary remediation is to apply the security updates provided by FelixRiddle to all affected systems immediately. After patching, it is critical to monitor for any signs of exploitation attempts by reviewing application and web server access logs for anomalous activity that may have occurred prior to the patch.

Proactive Monitoring: Security teams should actively monitor for indicators of compromise. This includes searching web server logs for requests containing template syntax (e.g., {{...}}, {{{...}}) in user input fields. Additionally, monitor for unexpected outbound network connections from affected servers and any unusual process execution or file modifications on the host system.

Compensating Controls: If immediate patching is not feasible, organizations should implement compensating controls. Deploying a Web Application Firewall (WAF) with rules specifically designed to detect and block SSTI attack patterns can reduce the risk. Enforcing strict input validation on all user-controlled data processed by the application can also serve as a temporary mitigation.

Public Exploit Available: false

Given the high-impact nature of this vulnerability, which allows for remote code execution, we strongly recommend that organizations treat this as a critical priority. Although CVE-2025-61536 is not currently listed on the CISA KEV list, its severity makes it a likely candidate for future inclusion. All affected assets should be identified and patched immediately according to the vendor's advisory to prevent potential system compromise.