CVE-2025-23212
📋 TL;DR
CVE-2025-23212 is an information disclosure vulnerability in Tandoor Recipes that allows any user to enumerate and read files on the server through the external storage feature. This affects all Tandoor Recipes instances with the vulnerable version, potentially exposing sensitive configuration files, credentials, or other data. The vulnerability is fixed in version 1.5.28.
💻 Affected Systems
- Tandoor Recipes
📦 What is this software?
Recipes by Tandoor
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full access to sensitive server files including configuration files, database credentials, API keys, and user data, leading to complete system compromise.
Likely Case
Unauthenticated users enumerate and read accessible files, potentially exposing configuration details, logs, or other sensitive information stored on the server.
If Mitigated
With proper network segmentation and access controls, impact is limited to files within the application's designated storage areas.
🎯 Exploit Status
The vulnerability allows unauthenticated file enumeration and reading through the external storage API endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.28
Vendor Advisory: https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-jrgj-35jx-2qq7
Restart Required: No
Instructions:
1. Backup your Tandoor Recipes instance and database.
2. Update to version 1.5.28 using your deployment method (Docker, manual, etc.).
3. Verify the update completed successfully.
4. Test the external storage functionality.
🔧 Temporary Workarounds
Disable External Storage
Temporarily disable the external storage feature to prevent exploitation while planning the update.
Modify configuration to disable external storage feature
Restrict Network Access
Implement network-level restrictions to limit access to the Tandoor Recipes instance.
Configure firewall rules to restrict access to trusted IPs only
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the Tandoor Recipes instance
- Disable the external storage feature entirely in the application configuration
🔍 How to Verify
Check if Vulnerable:
Check whether your Tandoor Recipes version is below 1.5.28, and test whether unauthenticated users can reach the file enumeration endpoints.
Check Version:
Check the Tandoor Recipes web interface settings or examine the application version in the deployment configuration.
Verify Fix Applied:
After updating to 1.5.28, verify that unauthenticated users cannot enumerate or read files through the external storage endpoints.
📡 Detection & Monitoring
Log Indicators:
- Multiple requests to file enumeration endpoints from unauthenticated users
- Unusual file access patterns through external storage API
Network Indicators:
- HTTP requests to /api/storage/ endpoints from unauthenticated sources
- Patterns of file enumeration attempts
SIEM Query:
source="tandoor_access.log" AND (uri_path="/api/storage/" OR uri_path CONTAINS "/api/storage/") AND http_status=200 AND user="-"
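The SIEM query above expresses the detection idea in one line; the following Python script is an added example (not part of this advisory or the Tandoor Recipes project) that applies the same logic offline to access-log lines. It assumes the reverse proxy in front of Tandoor Recipes writes Combined Log Format, where the third field is the authenticated user and "-" means none was recorded; the log lines, IP addresses and the `/api/storage/list/` sub-path are constructed sample data, not real endpoints or indicators.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample log lines (assumption: Combined Log Format as written by a
# reverse proxy; the "alice" entry is an authenticated user, the 403 line shows
# what a denied request looks like after the fix or with the feature disabled).
SAMPLE_LOG = """\
203.0.113.10 - - [02/Feb/2025:10:00:01 +0000] "GET /api/storage/ HTTP/1.1" 200 512 "-" "curl/8.4.0"
203.0.113.10 - - [02/Feb/2025:10:00:02 +0000] "GET /api/storage/list/ HTTP/1.1" 200 2048 "-" "curl/8.4.0"
203.0.113.10 - - [02/Feb/2025:10:00:03 +0000] "GET /api/storage/list/?page=2 HTTP/1.1" 200 1024 "-" "curl/8.4.0"
198.51.100.7 - alice [02/Feb/2025:10:01:00 +0000] "GET /api/storage/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [02/Feb/2025:10:02:00 +0000] "GET /api/recipe/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.5 - - [02/Feb/2025:10:03:00 +0000] "GET /api/storage/ HTTP/1.1" 403 128 "-" "python-requests/2.31"
"""

# Combined Log Format: ip ident user [timestamp] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

WATCHED_PREFIX = "/api/storage/"   # endpoint prefix named in the advisory


def parse_line(line):
    """Return a dict of log fields, or None if the line does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_unauth_storage_hit(rec):
    """Mirror the SIEM query: successful request to /api/storage/ with no user."""
    path_only = urlsplit(rec["path"]).path      # drop any query string before matching
    return (
        path_only.startswith(WATCHED_PREFIX)
        and rec["status"] == 200
        and rec["user"] == "-"
    )


def find_unauth_storage_hits(log_text):
    """Count matching requests per client IP; lines that fail to parse are skipped."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_unauth_storage_hit(rec):
            hits[rec["ip"]] += 1
    return hits


def alerts(log_text, threshold=2):
    """Sorted list of IPs at or above the threshold: repeated hits suggest enumeration."""
    return sorted(ip for ip, n in find_unauth_storage_hits(log_text).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in find_unauth_storage_hits(SAMPLE_LOG).items():
        print(f"{ip}: {n} unauthenticated /api/storage/ responses with status 200")
    print("alert:", alerts(SAMPLE_LOG))
```

Only the first source is reported: the authenticated request from alice, the request to a different endpoint, and the request that received 403 are all filtered out, which is the same behaviour the `user="-"`, `uri_path` and `http_status=200` clauses of the SIEM query give. The status filter matters after patching: once the fix or the workaround is in place the same requests should stop returning 200, so a drop in matches is one sign the mitigation took effect.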