CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-1862

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By leveraging this vulnerability, an attacker can upload a specially crafted payload and achieve remote code execution (RCE), potentially compromising the server and its data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.3%

CVSS Severity

CVSS v3 Score 6.7

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3992/

Products affected by CVE-2025-1862

Wso2 » Enterprise Integrator » Version: 6.6.0

cpe:2.3:a:wso2:enterprise_integrator:6.6.0
Wso2 » Identity Server » Version: 5.10.0

cpe:2.3:a:wso2:identity_server:5.10.0
Wso2 » Identity Server » Version: 5.11.0

cpe:2.3:a:wso2:identity_server:5.11.0
Wso2 » Identity Server » Version: 6.0.0

cpe:2.3:a:wso2:identity_server:6.0.0
Wso2 » Identity Server » Version: 6.1.0

cpe:2.3:a:wso2:identity_server:6.1.0
Wso2 » Identity Server As Key Manager » Version: 5.10.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0
Wso2 » Open Banking Iam » Version: 2.0.0

cpe:2.3:a:wso2:open_banking_iam:2.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-1862

Products

Pricing

Contact Us