Количество 2
Количество 2
CVE-2025-2905
Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: * Read sensitive files from the server’s filesystem. * Perform denial-of-service (DoS) attacks, which can render the affected service unavailable.
GHSA-h94w-8qhg-3xmc
WSO2 API Manager XML External Entity (XXE) vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-2905 Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: * Read sensitive files from the server’s filesystem. * Perform denial-of-service (DoS) attacks, which can render the affected service unavailable. | CVSS3: 9.1 | 0% Низкий | 9 месяцев назад |
| GHSA-h94w-8qhg-3xmc WSO2 API Manager XML External Entity (XXE) vulnerability | CVSS3: 9.1 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу