CVE-2025-5605

MEDIUM

4.3

Descricao

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.

Detalhes CVE

Pontuacao CVSS v3.14.3

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vetor de ataqueADJACENT_NETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado10/24/2025

Ultima modificacao11/21/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

wso2:api_control_planewso2:api_managerwso2:enterprise_integratorwso2:identity_serverwso2:identity_server_as_key_managerwso2:open_banking_amwso2:open_banking_iamwso2:traffic_managerwso2:universal_gateway

Fraquezas (CWE)

CWE-290

Referencias

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/(ed10eef1-636d-4fbe-9993-6890dfa878f8)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.