5.3

CVE-2025-5605

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.

The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wso2Api Control Plane Version4.5.0 Update-
Wso2Api Manager Version3.1.0
Wso2Api Manager Version3.2.0
Wso2Api Manager Version3.2.1
Wso2Api Manager Version4.0.0
Wso2Api Manager Version4.1.0 Update-
Wso2Api Manager Version4.2.0 Update-
Wso2Api Manager Version4.3.0 Update-
Wso2Api Manager Version4.4.0 Update-
Wso2Api Manager Version4.5.0 Update-
Wso2Enterprise Integrator Version6.6.0
Wso2Identity Server Version5.10.0
Wso2Identity Server Version5.11.0
Wso2Identity Server Version6.0.0 Update-
Wso2Identity Server Version6.1.0 Update-
Wso2Identity Server Version7.0.0 Update-
Wso2Identity Server Version7.1.0 Update-
Wso2Open Banking Am Version2.0.0
Wso2Open Banking Iam Version2.0.0
Wso2Traffic Manager Version4.5.0
Wso2Universal Gateway Version4.5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.38% 0.914
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ed10eef1-636d-4fbe-9993-6890dfa878f8 4.3 2.8 1.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.