CVE-2025-5605
Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure
An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.
The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
WSO2 · org.wso2.carbon:org.wso2.carbon.uiWSO2 · WSO2 API Control PlaneWSO2 · WSO2 API ManagerWSO2 · WSO2 Enterprise IntegratorWSO2 · WSO2 Identity ServerWSO2 · WSO2 Identity Server as Key ManagerWSO2 · WSO2 Open Banking AMWSO2 · WSO2 Open Banking IAMWSO2 · WSO2 Traffic ManagerWSO2 · WSO2 Universal Gateway¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →