CVE-2025-12107
Infor · Multiple Products
Infor products using a vulnerable third-party Velocity template engine are susceptible to arbitrary template code execution by an authenticated administrator.
Executive summary
A critical vulnerability in Infor products allows an authenticated administrator to execute arbitrary template code, potentially leading to full remote code execution on the underlying server.
Vulnerability
The vulnerability stems from the use of an outdated third-party Velocity template engine, allowing an authenticated administrator to inject and execute arbitrary server-side template syntax.
Business impact
Successful exploitation allows an attacker already possessing administrative credentials to escalate their impact to remote code execution. This could result in complete server compromise, unauthorized data exfiltration, or the installation of persistent backdoors, justifying the critical CVSS score of 10.0.
Remediation
Immediate Action: Update all affected Infor products to the latest available version as specified by the vendor’s security advisory.
Proactive Monitoring: Audit administrative activity logs for unexpected template modifications or unauthorized execution of system-level commands.
Compensating Controls: Implement the principle of least privilege for administrative accounts and utilize file integrity monitoring (FIM) to detect unauthorized changes to server-side templates.
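The file integrity monitoring control above can be implemented with a simple hash baseline over the template directory. The script below is an added example written for this page, not Infor's own tooling; it assumes Velocity templates are plain files with a `.vm`, `.vtl` or `.velocity` suffix under a single root directory (both assumptions, adjust to the real deployment). It records a SHA-256 baseline, then reports templates that were added, removed or modified since the baseline was taken, which is exactly the signal an administrator-level template injection would leave on disk.

```python
"""Baseline-and-verify file integrity monitor for server-side template directories.

Added example for this advisory; it is not vendor code. Suffixes and layout are assumptions.
"""
import argparse
import hashlib
import json
import tempfile
from pathlib import Path

# Assumed suffixes used for Velocity templates in the monitored deployment.
TEMPLATE_SUFFIXES = {".vm", ".vtl", ".velocity"}


def hash_file(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, streamed so large templates are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each template path (relative to root, POSIX style) to its SHA-256 digest."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in TEMPLATE_SUFFIXES:
            baseline[path.relative_to(root).as_posix()] = hash_file(path)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two baselines; every non-empty list is a finding worth an alert."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(baseline: dict, path: Path) -> None:
    # Store the baseline somewhere the application account cannot write (assumption: a separate volume).
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict:
    """Constructed scenario: take a baseline, then tamper with the template tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "pages").mkdir()
        # Constructed sample templates, not taken from any real product.
        (root / "pages" / "home.vm").write_text("Hello $user.name\n")
        (root / "pages" / "footer.vm").write_text("#set($year = 2025)\n(c) $year\n")
        baseline = build_baseline(root)
        # Simulate what an unauthorized template change looks like on disk:
        # one edited template, one new template, one deleted template.
        (root / "pages" / "home.vm").write_text("Hello $user.name\n#set($greeting = 'edited')\n")
        (root / "pages" / "extra.vm").write_text("## dropped-in template\n")
        (root / "pages" / "footer.vm").unlink()
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Template directory integrity monitor")
    parser.add_argument("mode", choices=["baseline", "verify", "demo"])
    parser.add_argument("--root", type=Path, help="template directory to monitor")
    parser.add_argument("--baseline", type=Path, default=Path("templates.baseline.json"))
    args = parser.parse_args()
    if args.mode == "demo":
        print(json.dumps(demo(), indent=2))
    elif args.mode == "baseline":
        save_baseline(build_baseline(args.root), args.baseline)
        print(f"baseline written to {args.baseline}")
    else:
        findings = compare(load_baseline(args.baseline), build_baseline(args.root))
        print(json.dumps(findings, indent=2))
        raise SystemExit(1 if any(findings.values()) else 0)
```

Run `baseline` once from a known-good state and `verify` on a schedule (or after every administrative session); a non-zero exit with a non-empty `modified` or `added` list is the alert to correlate with the administrative activity log mentioned above. The baseline file must live where the application's service account cannot rewrite it, otherwise an attacker with that account simply re-baselines after the change.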
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
While exploitation requires administrative privileges, the potential for total system compromise is extreme. Administrators must prioritize applying vendor-supplied updates that replace the vulnerable template engine and so mitigate the risk of remote code execution.