CVE-2025-10611

EPSS 0.78%
Veröffentlicht 16.10.2025 12:09:31
Zuletzt bearbeitet 21.11.2025 21:38:23
Quelle ed10eef1-636d-4fbe-9993-6890df
CVE-Watchlists
Login
Unerledigt
Login

Potential Broken Access Control in Multiple WSO2 Products via System REST APIs

Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation.

Successful exploitation of this vulnerability could lead to a malicious actor gaining administrative access and performing unauthenticated and unauthorized administrative operations.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 41 VulnDex Vulnerability Enrichment 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wso2 ≫ Api Control Plane Version4.5.0 Update-

Wso2 ≫ Api Manager Version2.1.0

Wso2 ≫ Api Manager Version2.2.0

Wso2 ≫ Api Manager Version2.5.0

Wso2 ≫ Api Manager Version2.6.0

Wso2 ≫ Api Manager Version3.0.0

Wso2 ≫ Api Manager Version3.1.0

Wso2 ≫ Api Manager Version3.2.0

Wso2 ≫ Api Manager Version3.2.1

Wso2 ≫ Api Manager Version4.0.0

Wso2 ≫ Api Manager Version4.1.0 Update-

Wso2 ≫ Api Manager Version4.2.0 Update-

Wso2 ≫ Api Manager Version4.3.0 Update-

Wso2 ≫ Api Manager Version4.4.0 Update-

Wso2 ≫ Api Manager Version4.5.0 Update-

Wso2 ≫ Identity Server Version5.3.0

Wso2 ≫ Identity Server Version5.5.0

Wso2 ≫ Identity Server Version5.6.0

Wso2 ≫ Identity Server Version5.7.0

Wso2 ≫ Identity Server Version5.8.0

Wso2 ≫ Identity Server Version5.9.0

Wso2 ≫ Identity Server Version5.10.0

Wso2 ≫ Identity Server Version5.11.0

Wso2 ≫ Identity Server Version6.0.0 Update-

Wso2 ≫ Identity Server Version6.1.0 Update-

Wso2 ≫ Identity Server Version7.0.0 Update-

Wso2 ≫ Identity Server Version7.1.0 Update-

Wso2 ≫ Identity Server As Key Manager Version5.3.0

Wso2 ≫ Identity Server As Key Manager Version5.5.0

Wso2 ≫ Identity Server As Key Manager Version5.6.0

Wso2 ≫ Identity Server As Key Manager Version5.7.0

Wso2 ≫ Identity Server As Key Manager Version5.9.0

Wso2 ≫ Identity Server As Key Manager Version5.10.0

Wso2 ≫ Open Banking Am Version1.4.0

Wso2 ≫ Open Banking Am Version1.5.0

Wso2 ≫ Open Banking Am Version2.0.0

Wso2 ≫ Open Banking Iam Version2.0.0

Wso2 ≫ Open Banking Km Version1.4.0

Wso2 ≫ Open Banking Km Version1.5.0

Wso2 ≫ Traffic Manager Version4.5.0

Wso2 ≫ Universal Gateway Version4.5.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.78%	0.512

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
ed10eef1-636d-4fbe-9993-6890dfa878f8	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4585/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-10611

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-10611

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-10611

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-10611