CVE-2025-1087

Published May 9, 2025

Last updated a month ago

CVSS critical 9.3

Overview

Description
Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.
Source
02762ae7-200e-4b20-9b2b-a77d5b8fc4cb
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

02762ae7-200e-4b20-9b2b-a77d5b8fc4cb
CWE-20

Social media

Hype score
Not currently trending

  1. Sleepless Strings - Template Injection in Insomnia CVE-2025-1087 allows RCE via cookies, imports & more in Insomnia API Client. Still exploitable in v11.2.0 Dev tools can be attack vectors too. Read more: https://t.co/WSaZMWFDDF #Cybersecurity #CVE2025 #APIsecurity https:/

    @threatsbank

    25 Jun 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #exploit 1. CVE-2025-6018/6019: LPE from unprivileged to allow_active in *SUSE 15's PAM / to root in libblockdev via udisks - https://t.co/MXRzsR4oww 2. CVE-2025-33073: PoC Exploit for NTLM reflection SMB flaw - https://t.co/elnGe06QEq 3. CVE-2025-1087: Arbitrary code execution

    @ksg93rd

    20 Jun 2025

    167 Impressions

    0 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  3. Insomnia API Client の脆弱性 CVE-2025-1087 が FIX:不十分な入力検証が引き起こす RCE https://t.co/lk3MAjQOEM オープンソースの Insomnia API Client に、深刻度の高い RCE 脆弱性が発生しています。ご利用のチームは、迅速なアッ

    @iototsecnews

    26 May 2025

    120 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-1087: Critical Template Injection in Insomnia API Client Enables Remote Code Execution https://t.co/N3YbvEh9nb

    @samilaiho

    13 May 2025

    658 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2025-1087 ⚠️🔴 CRITICAL (9.3) 🏢 Kong Inc. - Insomnia 🏗️ Unknown Version 🔗 https://t.co/j4ZmA5no70 #CyberCron #VulnAlert #InfoSec https://t.co/G9ubjCHerC

    @cybercronai

    9 May 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.