9.1

CVE-2025-10713

An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities.

A successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wso2Api Control Plane Version4.5.0 Update-
Wso2Api Manager Version3.1.0
Wso2Api Manager Version3.2.0
Wso2Api Manager Version3.2.1
Wso2Api Manager Version4.0.0
Wso2Api Manager Version4.1.0 Update-
Wso2Api Manager Version4.2.0 Update-
Wso2Api Manager Version4.3.0 Update-
Wso2Api Manager Version4.4.0 Update-
Wso2Api Manager Version4.5.0 Update-
Wso2Enterprise Integrator Version6.6.0
Wso2Identity Server Version5.10.0
Wso2Identity Server Version5.11.0
Wso2Identity Server Version7.1.0 Update-
Wso2Open Banking Am Version2.0.0
Wso2Open Banking Iam Version2.0.0
Wso2Traffic Manager Version4.5.0
Wso2Universal Gateway Version4.5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.285
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
ed10eef1-636d-4fbe-9993-6890dfa878f8 6.5 1.2 5.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.