An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE).
This functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions.
{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "4.5.0-NA"
},
{
"introduced": "0"
},
{
"last_affected": "3.2.0"
},
{
"introduced": "0"
},
{
"last_affected": "4.0.0"
},
{
"introduced": "0"
},
{
"last_affected": "4.1.0-NA"
},
{
"introduced": "0"
},
{
"last_affected": "4.2.0-NA"
},
{
"introduced": "0"
},
{
"last_affected": "4.3.0-NA"
},
{
"introduced": "0"
},
{
"last_affected": "4.4.0-NA"
},
{
"introduced": "0"
},
{
"last_affected": "4.5.0-NA"
},
{
"introduced": "0"
},
{
"last_affected": "2.0.0"
},
{
"introduced": "0"
},
{
"last_affected": "4.5.0"
},
{
"introduced": "0"
},
{
"last_affected": "4.5.0"
}
]
}[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.2.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.11.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.1.0-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0.0-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0"
}
]
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3125.json"