CVE-2025-11165

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

Remote Code Execution

velocity-engine-core is vulnerable to remote code execution. The Uberspector fails to prevent access to java.lang.ClassLoader methods and allows an attacker that is able to modify Template contents to execute arbitrary Java code or run arbitrary system commands with the same privileges as the...

Security improvements to the Velocity Uberspector

This ticket documents an improvement to the Velocity Uberspector's security, locking down which classes can be accessed. This change is a defence-in-depth against potential Remote Code Execution RCE and Injection attacks. The versions which do not have this improvement are before version 8.12.3...

Security improvements to the Velocity Uberspector

This ticket documents an improvement to the Velocity Uberspector's security, locking down which classes can be accessed. This change is a defence-in-depth against potential Remote Code Execution RCE and Injection attacks. The versions which do not have this improvement are before version 8.12.3...