2.3 Million Times Downloaded LaRecipe Tool Vulnerability Let Attackers Take Full Control Of Servers


Primary article: Cybersecurity News, Jul 15, 12:50
Related coverage: GB Hackers, Jul 15, 11:04, "LaRecipe Tool with 2.3M Downloads Found Vulnerable..."
A critical security vulnerability has been discovered in LaRecipe, a popular documentation generator tool that has been downloaded over 2.3 million times. The vulnerability, identified as CVE-2025-53833, enables attackers to execute arbitrary commands on servers through Server-Side Template Injection (SSTI), potentially leading to complete system compromise. This critical flaw affects all versions of the binarytorch/larecipe Composer package prior to version 2.8.1.

SSTI Remote Code Execution Flaw

GitHub reports that the vulnerability stems from improper input validation in LaRecipe’s template processing system, allowing attackers to inject malicious code into server-side templates. Server-Side Template Injection occurs when user input is embedded into template engines without proper sanitization, enabling attackers to execute arbitrary code on the target server. This particular vulnerability has been assigned a Critical severity rating with a CVSS v3.1 base score reflecting maximum impact...
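To find affected installs, a project's composer.lock can be checked against the package name and fixed version given above. This is an added example, not code from the article or from the LaRecipe project; the sample lock content is constructed, and `parse_version` and `audit_lock` are hypothetical helper names.

```python
import json
import re
import sys
from pathlib import Path

PACKAGE = "binarytorch/larecipe"  # Composer package named in the article
FIXED = (2, 8, 1)                 # first fixed release according to the article

# Constructed sample lock content (not taken from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v10.48.0"},
        {"name": "binarytorch/larecipe", "version": "v2.6.1"},
    ],
    "packages-dev": [],
})

def parse_version(raw):
    """Return (major, minor, patch) for a plain tagged release, else None.

    Branch aliases ('dev-master') and pre-release suffixes are not compared,
    because nothing here can tell whether they contain the fix.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", raw.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def audit_lock(lock_text):
    """Return [(locked_version, status)] for every LaRecipe entry in the lock."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            raw = pkg.get("version", "")
            parsed = parse_version(raw)
            if parsed is None:
                status = "unknown"      # review by hand
            elif parsed < FIXED:
                status = "vulnerable"   # below 2.8.1: upgrade
            else:
                status = "patched"
            findings.append((raw, status))
    return findings

if __name__ == "__main__":
    # Pass a path to composer.lock, or run without arguments for the sample.
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_LOCK
    for raw, status in audit_lock(text):
        print(f"{PACKAGE} {raw}: {status}")
```

An empty result means the package is not locked in that project; an `unknown` status needs the installed commit checked manually.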