CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-5717

An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan containing malicious Java code, resulting in arbitrary code execution on the server. Exploitation of this vulnerability requires a valid user account with administrative privileges, limiting the attack surface to authenticated but potentially malicious users.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.8%

CVSS Severity

CVSS v3 Score 6.8

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4119/

Products affected by CVE-2025-5717

Wso2 » Api Control Plane » Version: 4.5.0

cpe:2.3:a:wso2:api_control_plane:4.5.0
Wso2 » Api Manager » Version: 3.0.0

cpe:2.3:a:wso2:api_manager:3.0.0
Wso2 » Api Manager » Version: 3.1.0

cpe:2.3:a:wso2:api_manager:3.1.0
Wso2 » Api Manager » Version: 3.2.0

cpe:2.3:a:wso2:api_manager:3.2.0
Wso2 » Api Manager » Version: 3.2.1

cpe:2.3:a:wso2:api_manager:3.2.1
Wso2 » Api Manager » Version: 4.0.0

cpe:2.3:a:wso2:api_manager:4.0.0
Wso2 » Api Manager » Version: 4.1.0

cpe:2.3:a:wso2:api_manager:4.1.0
Wso2 » Api Manager » Version: 4.2.0

cpe:2.3:a:wso2:api_manager:4.2.0
Wso2 » Api Manager » Version: 4.3.0

cpe:2.3:a:wso2:api_manager:4.3.0
Wso2 » Api Manager » Version: 4.4.0

cpe:2.3:a:wso2:api_manager:4.4.0
Wso2 » Api Manager » Version: 4.5.0

cpe:2.3:a:wso2:api_manager:4.5.0
Wso2 » Open Banking Am » Version: 2.0.0

cpe:2.3:a:wso2:open_banking_am:2.0.0
Wso2 » Traffic Manager » Version: 4.5.0

cpe:2.3:a:wso2:traffic_manager:4.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-5717

Products

Pricing

Contact Us