CVE-2025-11165 | dotCMS 24.12/25.07 Velocity Scripting Engine sql injection

Inserito da Angelo Barbosa | Feb 24, 2026 | CVE

A vulnerability has been found in dotCMS 24.12/25.07 and classified as critical. This affects an unknown part of the component Velocity Scripting Engine. The manipulation leads to sql injection.

This vulnerability is referenced as CVE-2025-11165. Remote exploitation of the attack is possible. No exploit is available.

CVE-2025-11165 | dotCMS 24.12/25.07 Velocity Scripting Engine sql injection

Post correlati

CVE-2021-47209 | Linux Kernel up to 5.15.4 update_blocked_averages use after free (512e21c150c1/b027789e5e50)

CVE-2025-5895 | Metabase 54.10 dom.js parseDataUri redos (ID 57011)

CVE-2023-46952 | ABO.CMS 5.9.3 HTTP Header Referer cross site scripting

CVE-2025-11601 | SourceCodester Online Student Result System 1.0 /login.php Username sql injection