A critical vulnerability (CVE-2025-1087) in the Insomnia API Client enables arbitrary code execution via Client-Side Template Injection (CSTI). The flaw, rated CVSS 9.3, stems from unsafe handling of untrusted input by the Nunjucks templating engine.
/https://cyware-ent.s3.amazonaws.com/image_bank/db44_shutterstock_1612147396.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/fc19_Cy_Blog_Lazarus-APT_v06.jpg)
