CVE-2025-5717

Опубликовано: 23 сент. 2025

Источник: nvd

CVSS3: 6.8

CVSS3: 7.2

EPSS Низкий

Описание

Exploitation of this vulnerability requires a valid user account with administrative privileges, limiting the attack surface to authenticated but potentially malicious users.

Ссылки

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4119/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:wso2:api_control_plane:4.5.0:-:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:4.1.0:-:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:4.2.0:-:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:4.3.0:-:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:4.4.0:-:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:4.5.0:-:*:*:*:*:*:*

cpe:2.3:a:wso2:open_banking_am:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:traffic_manager:4.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00631

Низкий

6.8 Medium

CVSS3

7.2 High

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-2h9p-q5rr-fvrp

CVSS3: 6.7

github

5 месяцев назад

An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan containing malicious Java code, resulting in arbitrary code execution on the server. Exploitation of this vulnerability requires a valid user account with administrative privileges, limiting the attack surface to authenticated but potentially malicious users.

EPSS

Процентиль: 70%

0.00631

Низкий

6.8 Medium

CVSS3

7.2 High

CVSS3

Дефекты

CWE-94