
exploitDog


CVE-2025-1862

Published: 26 Sep 2025
Source: nvd
CVSS3: 6.7
CVSS3: 7.2
EPSS: Low

Description

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server.

By leveraging this vulnerability, an attacker can upload a specially crafted payload and achieve remote code execution (RCE), potentially compromising the server and its data.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:wso2:enterprise_integrator:6.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.11.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*

EPSS

Percentile: 61%
0.00408
Low

6.7 Medium

CVSS3

7.2 High

CVSS3

Weaknesses

CWE-434

Related vulnerabilities

CVSS3: 6.7
github
4 months ago

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By leveraging this vulnerability, an attacker can upload a specially crafted payload and achieve remote code execution (RCE), potentially compromising the server and its data.
