CVE-2025-9955

Опубликовано: 16 окт. 2025

Источник: nvd

CVSS3: 5.7

EPSS Низкий

Описание

While no credentials or sensitive user information are exposed, this vulnerability may allow unauthorized visibility into internal operational details, which could aid in further exploitation or reconnaissance.

Ссылки

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:wso2:enterprise_integrator:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:enterprise_integrator:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:enterprise_integrator:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:wso2:enterprise_integrator:6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:enterprise_integrator:6.3.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:enterprise_integrator:6.4.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:enterprise_integrator:6.5.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:enterprise_integrator:6.6.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:enterprise_service_bus:5.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.00042

Низкий

5.7 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-96gj-mh52-m33j

CVSS3: 5.7

github

около 2 месяцев назад

An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details that are not intended to be exposed at that privilege level. While no credentials or sensitive user information are exposed, this vulnerability may allow unauthorized visibility into internal operational details, which could aid in further exploitation or reconnaissance.

EPSS

Процентиль: 12%

0.00042

Низкий

5.7 Medium

CVSS3

Дефекты

CWE-863