CVE-2025-5605

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-5605
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5605.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-5605
Published
2025-10-24T10:15:39.160Z
Modified
2026-04-10T05:30:04.636719Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.

The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.

References

Affected packages

Git / github.com/wso2/product-apim

Affected ranges

Type
GIT
Repo
https://github.com/wso2/product-apim
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f84a64d6683176f3ffb57fa262f3035b69781f2f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2971de274564b622974de831403e9688a4a76c14
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e4956e9301b1c26eb06e80ec5c86628154b6ab55
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cf00d9e6cb083f94abae11818794f62cd5c94079
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9f152cad69fafd010fae1ed02b636409f0860b91
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
572610e8e6564a647044bdb454eda658e1253352
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6e7a9db24a575f1f4a5bc4f4cbb41687c308c466
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c97258caec907ea69c289c80ff708a214c3372dc
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f84a64d6683176f3ffb57fa262f3035b69781f2f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2d31e24faeeb97e70d7f19033ccff2f843f8c892
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2d31e24faeeb97e70d7f19033ccff2f843f8c892
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f84a64d6683176f3ffb57fa262f3035b69781f2f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f84a64d6683176f3ffb57fa262f3035b69781f2f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.5.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.5.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.5.0"
        }
    ]
}

Affected versions

4.*
4.0.0-beta
test-tag-1.*
test-tag-1.9.0-Alpha
v1.*
v1.9.0
v1.9.0-Alpha
v1.9.0-Beta
v1.9.0-Beta-2
v1.9.0-Beta-3
v1.9.0-M2
v2.*
v2.0.0
v2.0.0-ALPHA
v2.0.0-M4
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.0-rc4
v2.0.0-rc5
v2.1.0-alpha
v2.1.0-update1
v2.1.0-update10
v2.1.0-update11
v2.1.0-update12
v2.1.0-update13
v2.1.0-update14
v2.1.0-update2
v2.1.0-update3
v2.1.0-update5
v2.1.0-update7
v2.1.0-update8
v2.1.0-update9
v2.2.0
v2.2.0-update1
v2.2.0-update2
v2.2.0-update3
v2.2.0-update4
v2.2.0-update5
v2.2.0-update6
v2.2.0-update7
v2.5.0
v2.5.0-Alpha
v2.5.0-Beta
v2.5.0-rc1
v2.5.0-rc2
v2.5.0-rc3
v2.5.0-rc4
v2.6.0
v2.6.0-alpha
v2.6.0-alpha2
v2.6.0-beta
v2.6.0-beta2
v2.6.0-m1
v2.6.0-m2
v2.6.0-rc1
v2.6.0-rc2
v2.6.0-rc3
v3.*
v3.0.0
v3.0.0-alpha
v3.0.0-alpha2
v3.0.0-beta
v3.0.0-m32
v3.0.0-m33
v3.0.0-m34
v3.0.0-m35
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.1.0
v3.1.0-alpha
v3.1.0-beta
v3.1.0-m1
v3.1.0-m2
v3.1.0-m3
v3.1.0-m4
v3.1.0-m5
v3.1.0-rc1
v3.1.0-rc2
v3.1.0-rc3
v3.2.0
v3.2.0-alpha
v3.2.0-beta
v3.2.0-m1
v3.2.0-rc1
v3.2.0-rc2
v3.2.0-rc3
v3.2.0-rc4
v3.2.0-rc5
v3.2.0-rc6
v4.*
v4.0.0
v4.0.0-alpha
v4.0.0-beta
v4.0.0-m1
v4.0.0-m2
v4.0.0-m3
v4.0.0-m4
v4.0.0-m5
v4.0.0-m6
v4.0.0-m7
v4.0.0-m8
v4.0.0-rc
v4.1.0
v4.1.0-alpha
v4.1.0-beta
v4.1.0-m1
v4.1.0-m2
v4.1.0-m3
v4.1.0-m4
v4.1.0-rc
v4.1.0-rc2
v4.1.0-rc3
v4.2.0
v4.2.0-alpha
v4.2.0-beta
v4.2.0-m1
v4.2.0-rc
v4.2.0-rc2
v4.3.0
v4.3.0-alpha
v4.3.0-alpha2
v4.3.0-beta
v4.3.0-m2
v4.3.0-rc
v4.3.0-rc2
v4.4.0
v4.4.0-alpha
v4.4.0-beta
v4.4.0-m1
v4.4.0-rc
v4.4.0-rc2
v4.5.0-acp
v4.5.0-acp-alpha
v4.5.0-acp-beta
v4.5.0-acp-m1
v4.5.0-acp-rc
v4.5.0-acp-rc2
v4.5.0-beta
v4.5.0-gw-alpha
v4.5.0-gw-beta
v4.5.0-gw-m1
v4.5.0-gw-rc
v4.5.0-m1
v4.5.0-m2
v4.5.0-rc
v4.5.0-tm
v4.5.0-tm-alpha
v4.5.0-tm-beta
v4.5.0-tm-m1
v4.5.0-tm-rc
v4.5.0-tm-rc2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5605.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.2.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.11.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0.0-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.1.0-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0.0-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.1.0-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.10.0"
            }
        ]
    }
]