Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-10611

Опубликовано: 16 окт. 2025
Источник: nvd
CVSS3: 9.8
EPSS Низкий

Описание

Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation.

Successful exploitation of this vulnerability could lead to a malicious actor gaining administrative access and performing unauthenticated and unauthorized administrative operations.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:wso2:api_control_plane:4.5.0:-:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:4.2.0:-:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:4.3.0:-:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:4.4.0:-:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:4.5.0:-:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.8.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.11.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:6.1.0:-:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:7.0.0:-:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:7.1.0:-:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:open_banking_am:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:open_banking_am:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:open_banking_am:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:open_banking_km:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:open_banking_km:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:traffic_manager:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:universal_gateway:4.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 47%
0.00242
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-863

Связанные уязвимости

github логотип

GHSA-q35x-jjjw-76gp

CVSS3: 9.8
github
4 месяца назад

Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerability could lead to a malicious actor gaining administrative access and performing unauthenticated and unauthorized administrative operations.

EPSS

Процентиль: 47%
0.00242
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-863