CVE-2025-9804 in Identity Server as Key Manager: information

Summary

by MITRE • 2025-10-16

An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level information.

This vulnerability affects only internal administrative interfaces. APIs exposed through the WSO2 API Manager's API Gateway remain unaffected.


Responsible

WSO2

Reserved

2025-09-01

Disclosure

2025-10-16

Moderation

accepted

Entry

VDB-328802

CPE

ready

EPSS

0.00032

KEV

no

Activities

very low

Sector

Finance

Sources
