What is CVE-2025-12107?

CVE-2025-12107 is a high-severity vulnerability in Wso2 Identity Server, classified under Improper Neutralization of Special Elements Used in a Template Engine. CVSS score: 8.4/10. Published 2026-02-19.

How severe is CVE-2025-12107?

High severity. CVSS v3 base score is 8.4 out of 10.

Vulnerability in Wso2 Identity Server

CVE-2025-12107

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability cou…

EPSS: 0.006 (69.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Wso2 Identity Server — versions 5.11.0.130

Weakness classification (CWE)

CWE-1336 — Improper Neutralization of Special Elements Used in a Template Engine

References

security.docs.wso2.com/en/latest/security-announcements/security-advisories/202… (vendor-advisory)

Frequently asked questions

What is CVE-2025-12107?: CVE-2025-12107 is a high-severity vulnerability in Wso2 Identity Server, classified under Improper Neutralization of Special Elements Used in a Template Engine. CVSS score: 8.4/10. Published 2026-02-19.
How severe is CVE-2025-12107?: High severity. CVSS v3 base score is 8.4 out of 10.