Vulnerability Details CVE-2025-10713
An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities.
A successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.6%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2025-10713
-
cpe:2.3:a:wso2:api_control_plane:4.5.0
-
cpe:2.3:a:wso2:api_manager:3.1.0
-
cpe:2.3:a:wso2:api_manager:3.2.0
-
cpe:2.3:a:wso2:api_manager:3.2.1
-
cpe:2.3:a:wso2:api_manager:4.0.0
-
cpe:2.3:a:wso2:api_manager:4.1.0
-
cpe:2.3:a:wso2:api_manager:4.2.0
-
cpe:2.3:a:wso2:api_manager:4.3.0
-
cpe:2.3:a:wso2:api_manager:4.4.0
-
cpe:2.3:a:wso2:api_manager:4.5.0
-
cpe:2.3:a:wso2:enterprise_integrator:6.6.0
-
cpe:2.3:a:wso2:identity_server:5.10.0
-
cpe:2.3:a:wso2:identity_server:5.11.0
-
cpe:2.3:a:wso2:identity_server:7.1.0
-
cpe:2.3:a:wso2:open_banking_am:2.0.0
-
cpe:2.3:a:wso2:open_banking_iam:2.0.0
-
cpe:2.3:a:wso2:traffic_manager:4.5.0
-
cpe:2.3:a:wso2:universal_gateway:4.5.0