Dotcms

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-11165 CRITICAL Act Now

Sandbox escape in dotCMS Velocity scripting engine (VTools) allows authenticated users to execute arbitrary SQL. CVSS 9.9 with scope change — affects one of the largest Java CMS platforms.

Tomcat Java Dotcms
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-11165
EPSS 0% CVSS 9.9
CRITICAL Act Now

Sandbox escape in dotCMS Velocity scripting engine (VTools) allows authenticated users to execute arbitrary SQL. CVSS 9.9 with scope change — affects one of the largest Java CMS platforms.

Tomcat Java Dotcms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy