CVE-2025-9152
- EPSS 0.07%
- Veröffentlicht 16.10.2025 12:37:00
- Zuletzt bearbeitet 21.10.2025 18:33:41
An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint. A malicious user can exploit this flaw to gener...
CVE-2025-9804
- EPSS 0.06%
- Veröffentlicht 16.10.2025 12:33:45
- Zuletzt bearbeitet 21.11.2025 21:40:09
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized ope...
CVE-2025-10611
- EPSS 0.18%
- Veröffentlicht 16.10.2025 12:09:31
- Zuletzt bearbeitet 21.11.2025 21:38:23
Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vul...
CVE-2025-5717
- EPSS 0.4%
- Veröffentlicht 23.09.2025 16:15:33
- Zuletzt bearbeitet 21.11.2025 21:34:06
An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by d...
CVE-2025-4760
- EPSS 0.04%
- Veröffentlicht 23.09.2025 15:15:31
- Zuletzt bearbeitet 21.11.2025 21:29:56
An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a craf...