Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.2
Adobe Experience Manager: Admins Can Inject Malicious Server Code
CVE-2025-12107
Summary
Adobe Experience Manager users with admin access may be able to inject malicious code on the server, potentially leading to remote code execution, data theft, or unauthorized access. To protect yourself, update Adobe Experience Manager to the latest version. If you're not using this software, consider disabling it or using a different solution.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wso2 | identity_server | 5.11.0 | – |
Original title
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates.
Success...
Original description
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates.
Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.
Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.
nvd CVSS3.1
7.2
Vulnerability type
CWE-1336
Published: 19 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026