How to fix CVE-2025-12107?

Within 24 hours: Inventory all Identity Server instances and document versions; restrict admin account access to essential personnel only and enable enhanced logging. Within 7 days: Contact vendor for patch timeline and evaluate upgrade feasibility to version 5.11.1 or later; implement network segmentation to isolate Identity Server from critical systems. Within 30 days: Complete migration to patched version or implement approved compensating controls; conduct audit of admin activity logs for suspicious template injection attempts.

Is Identity Server affected by CVE-2025-12107?

CVE-2025-12107 affects Identity Server deployments up to version 5.11.0, allowing authenticated administrators with malicious intent to execute arbitrary code through template injection.

CVE-2025-12107

HIGH

2026-02-19 ed10eef1-636d-4fbe-9993-6890dfa878f8

8.4

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:03 vuln.today

CVE Published

Feb 19, 2026 - 10:16 nvd

HIGH 8.4

Description

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.

Analysis

Identity Server versions up to 5.11.0 contains a vulnerability that allows attackers to a malicious actor with admin privilege to inject and execute arbitrary template (CVSS 8.4).

Technical Context

affects Identity Server. Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates.

Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.

Affected Products

Vendor: Wso2. Product: Identity Server. Versions: up to 5.11.0.

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.4

CVSS: +42

POC: 0

CVE-2025-12107 vulnerability details – vuln.today

Back

CVE-2025-12107

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-12107

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code