CVE-2025-9152
CRITICAL (CVSS 9.8)
Description
An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges, potentially leading to administrative access and the ability to perform unauthorized operations.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 10/16/2025
Last modified: 10/21/2025
Source: nvd
Honeypot sightings: 0
Affected products
wso2:api_control_plane
wso2:api_manager
Weaknesses (CWE)
CWE-306 (Missing Authentication for Critical Function)
References
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/(ed10eef1-636d-4fbe-9993-6890dfa878f8)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.