Critical HubSpot’s Jinjava Engine Vulnerability Exposes Thousands of Websites to RCE

Threat: Vulnerability

Targeted Region: Global

Targeted Sector: Technology & IT

Criticality: Critical

EXECUTIVE SUMMARY:

A critical vulnerability CVE-2025-59340 has been discovered in HubSpot’s Jinjava template engine versions prior to 2.8.1 that allows attackers to bypass its sandbox protections and use methods like ObjectMapper.constructFromCanonical() to deserialize inputs into arbitrary classes. This makes it possible to access sensitive system files, perform SSRF, and potentially achieve remote code execution. The flaw has a high severity CVSS 9.8.

RECOMMENDATION:

We strongly recommend you update HubSpot Jinjava to version 2.8.1.

REFERENCES:

The following reports contain further technical details:

https://securityonline.info/cve-2025-59340-critical-hubspots-jinjava-engine-flaw-exposes-thousands-of-websites-to-rce/

Recent Advisories

GOLD SALEM Compromise Networks and Bypass Security Solutions

September 19, 2025

CopyCop Campaign uses LLMs and Deepfakes to Manipulate Fake Websites

September 18, 2025

Chrome Patches Zero-Day Vulnerabilities enabling Remote Code Execution

September 18, 2025

Multi-Nation Hackers Target India Through Malware and Phishing

September 18, 2025

Critical HubSpot’s Jinjava Engine Vulnerability Exposes Thousands of Websites to RCE

Recent Advisories

Report an Incident