ByteOS Network

NVD Vulnerability Details :

CVE-2025-12107

Analyzed

Source-ed10eef1-636d-4fbe-9993-6890dfa878f8

Published At-19 Feb, 2026 | 10:16

Updated At-19 Feb, 2026 | 19:56

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	10.0	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 10.0

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CPE Matches

WSO2 LLC

>>identity_server>>5.11.0

cpe:2.3:a:wso2:identity_server:5.11.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-1336	Secondary	ed10eef1-636d-4fbe-9993-6890dfa878f8

CWE ID: CWE-1336

Type: Secondary

Source: ed10eef1-636d-4fbe-9993-6890dfa878f8

References

Hyperlink	Source	Resource
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4517/	ed10eef1-636d-4fbe-9993-6890dfa878f8	Vendor Advisory

Hyperlink: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4517/

Source: ed10eef1-636d-4fbe-9993-6890dfa878f8

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History