Critical vulnerability in Insomnia API client enables arbitrary code execution
Take action: If you're using the Insomnia API Client, consider switching to an alternative such as Postman or Bruno, since vendor patches for this code execution vulnerability have been bypassed multiple times and exploitation can cause your computer to execute malicious code. If you must continue using Insomnia, never import collection files from untrusted sources and avoid sending requests to unknown servers that could inject malicious cookies.
Security researchers from Tanto Security have reported a critical vulnerability in the widely used Insomnia API Client that allows attackers to execute arbitrary code on victim systems.
The flaw, tracked as CVE-2025-1087 (CVSS score 9.3), is a template injection vulnerability caused by insufficient validation of user-supplied input when processing template strings.
The primary exploitation methods include importing malicious Insomnia collection files, pasting crafted template expressions into UI fields such as URLs, query parameters, request bodies, and environment variables, and receiving server-provided HTTP cookies that contain malicious template expressions.
The cookie-based attack vector is the scariest, as it requires minimal user interaction. When Insomnia sends an HTTP request to a malicious server, the server can respond with a Set-Cookie header containing dangerous template expressions. These expressions are automatically stored in Insomnia's cookie jar and processed by the templating engine during subsequent requests, potentially leading to immediate code execution.
The attack leverages JavaScript's global functions available in the Nunjucks templating environment to escape the template sandbox and execute system commands. A typical payload structure appears as:
{{range.constructor("return require('child_process').execSync('command')")()}}
where the template expression evaluates arbitrary JavaScript code within the Node.js environment. When the malicious template is rendered, the resulting command execution can be used for data exfiltration, malware installation, or complete system compromise.
Kong's development team has attempted multiple mitigations since the vulnerability was first reported in February 2025, but each attempt has been successfully bypassed by the security researchers.
- The first mitigation attempt involved implementing a regular expression filter to block template expressions containing the string "require", which was bypassed using string concatenation (req'+'u'+'ire), base64 encoding with eval, and JavaScript character encoding (\u0072equire).
- The second mitigation in version 11.1.0 moved template rendering into a Web Worker environment and wrapped the require function to only allow loading of allowlisted modules including crypto, date-fns, fs, iconv-lite, jsonpath-plus, os, tough-cookie, and uuid. This protection was bypassed by using module.require instead of the wrapped require function, demonstrating the fragility of sandboxing approaches.
- The third mitigation in version 11.2.0 attempted to patch out the range and cycler global functions from Nunjucks. This was bypassed by switching to the joiner global function, which provides the same constructor access needed for code execution. The payload {{joiner.constructor("return module.require('child_process').execSync('command')")()}} remains effective against the latest version.
The vulnerability affects the Kong Insomnia Desktop Application before version 11.0.2. Research demonstrates that it remains exploitable even in the latest version, 11.2.0, as of June 2025, despite multiple mitigation attempts by Kong.
Given the persistent exploitability across multiple versions, users should ideally replace the tool with a more secure alternative. If that is not possible, users should be extremely careful when importing Insomnia files from untrusted sources and should inspect files for template expressions, denoted by double curly braces {{}}, before importing them. Users should also be mindful when pasting values into fields and should inspect the data for template expressions before entering it into Insomnia. Finally, users should limit HTTP requests to trusted servers to prevent exposure to malicious cookies, or disable cookie storing and sending on a per-request basis.
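One way to carry out the pre-import inspection recommended above, as an added example that is not from the article or from Kong/Insomnia: a script that walks an Insomnia JSON export, reports every template expression with its location, and marks those that reach JavaScript internals. The export field names (`resources`, `_type`, `url`, `parameters`, `cookie_jar`, `cookies`) and the sample file are assumed and constructed for illustration; the risk tokens are a triage aid only, since the bypasses described above show that keyword filters are not a safe gate on their own.

```python
import json
import re

# Any Nunjucks-style template expression; DOTALL so a newline inside cannot hide one.
TEMPLATE_RE = re.compile(r"\{\{.*?\}\}", re.DOTALL)

# Tokens that reach JavaScript internals rather than ordinary Insomnia templating such as
# {{ _.base_url }}. The bypasses described above defeat a bare "require" check, so constructor
# access, string concatenation, \u escapes and eval are flagged as well. Triage aid only.
RISKY_RE = re.compile(
    r"\.constructor|require|child_process|eval\s*\(|\\u00[0-9a-fA-F]{2}|'\s*\+\s*'|\"\s*\+\s*\""
)

def scan_value(value, path, findings):
    """Recursively walk parsed JSON, recording every template expression with its path."""
    if isinstance(value, dict):
        for key, child in value.items():
            scan_value(child, f"{path}.{key}", findings)
    elif isinstance(value, list):
        for index, child in enumerate(value):
            scan_value(child, f"{path}[{index}]", findings)
    elif isinstance(value, str):
        for match in TEMPLATE_RE.finditer(value):
            expr = match.group(0)
            findings.append({"path": path, "expression": expr, "risky": bool(RISKY_RE.search(expr))})

def scan_export(export_text):
    """Parse an Insomnia JSON export and return every template expression found in it."""
    findings = []
    scan_value(json.loads(export_text), "$", findings)
    return findings

# Constructed sample export (field names assumed from Insomnia's export format): a benign
# environment reference, the payload quoted in the article, and a cookie value that reaches
# a constructor without ever containing the word "require".
SAMPLE_EXPORT = json.dumps({
    "_type": "export",
    "__export_format": 4,
    "resources": [
        {"_id": "req_example", "_type": "request", "url": "{{ _.base_url }}/users",
         "parameters": [{"name": "q", "value": "{{joiner.constructor(\"return module.require"
                                                "('child_process').execSync('command')\")()}}"}]},
        {"_id": "jar_example", "_type": "cookie_jar",
         "cookies": [{"key": "session", "value": "{{range.constructor(\"return 1\")()}}"}]},
    ],
})

if __name__ == "__main__":
    for finding in scan_export(SAMPLE_EXPORT):
        print("RISKY" if finding["risky"] else "info ", finding["path"], finding["expression"])
```

Run it against a real export with `scan_export(open("collection.json").read())`; any finding from an untrusted file deserves a look, and the RISKY ones should block the import outright.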