CVE-2025-12107

Name of the Vulnerable Software and Affected Versions versions prior to Feb. 19, 2026

Description A security flaw exists due to the use of a vulnerable third-party Velocity template engine. An attacker with administrative privileges can inject malicious template syntax, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information. The vulnerability involves the injection and execution of arbitrary template code on the server. This is a Server-Side Template Injection (SSTI) issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.