CVE-2025-9804 in Identity Server as Key Manager

Summary

by MITRE • 16.10.2025

An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level information.

This vulnerability affects only internal administrative interfaces. APIs exposed through the WSO2 API Manager's API Gateway remain unaffected.

Responsible

WSO2

Reserved

01.09.2025

Published

16.10.2025

Moderation

accepted

Entry

VDB-328802

CPE

ready

EPSS

0.00032

KEV

no

Activities

very low

Sector

Finance

Sources
