CVE-2025-12107
Published: 19 February 2026
Summary
CVE-2025-12107 is a high-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Wso2 Identity Server. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Template Injection (T1221); ranked in the top 30.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely remediation of the known flaw in the third-party Velocity template engine via patching as recommended in the WSO2 advisory.
Requires vulnerability scanning to identify the CVE-2025-12107 flaw in the Velocity template engine for proactive remediation.
Mitigates template injection attacks by validating and sanitizing inputs to the vulnerable Velocity server-side templates.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-12107 is a server-side template injection vulnerability in the Velocity template engine, directly enabling T1221 Template Injection for arbitrary code execution.
NVD Description
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege…
more
to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.
Deeper analysisAI
CVE-2025-12107 is a vulnerability stemming from the use of a vulnerable third-party Velocity template engine in WSO2 products. It enables a malicious actor with admin privileges to inject and execute arbitrary template syntax within server-side templates. Published on 2026-02-19, the issue is classified under CWE-1336 with a CVSS v3.1 base score of 8.4 (AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability in a changed scope.
Exploitation requires an attacker with high-privilege (admin) access on an adjacent network, achievable with low attack complexity and no user interaction. Upon successful injection of arbitrary template code, the attacker can achieve remote code execution on the server, data manipulation, or unauthorized access to sensitive information.
The WSO2 security advisory WSO2-2025-4517 provides details on mitigation and patches at https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4517/.
Details
- CWE(s)