CVE-2025-12107 · CVEKit

cve.orgen

461 chars

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.

NVDen

461 chars

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.

NVDes

534 chars

Debido al uso de un motor de plantillas Velocity de terceros vulnerable, un actor malicioso con privilegios de administrador puede inyectar y ejecutar sintaxis de plantilla arbitraria dentro de plantillas del lado del servidor. La explotación exitosa de esta vulnerabilidad podría permitir a un actor malicioso con privilegios de administrador inyectar y ejecutar código de plantilla arbitrario en el servidor, lo que podría llevar a la ejecución remota de código, manipulación de datos o acceso no autorizado a información sensible.

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.4	—	—	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H