CVE-2025-5605

Source
https://cve.org/CVERecord?id=CVE-2025-5605
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5605.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-5605
Published
2025-10-24T10:15:39.160Z
Modified
2026-07-08T08:12:11.211468208Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.

The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:wso2:api_control_plane:4.5.0:-:*:*:*:*:*:*"
            ],
            "vendor_product": "wso2:api_control_plane",
            "extracted_events": [
                {
                    "introduced": "4.5.0-NA"
                },
                {
                    "last_affected": "4.5.0-NA"
                }
            ]
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:wso2:api_manager:3.2.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "wso2:api_manager",
            "extracted_events": [
                {
                    "introduced": "3.2.1"
                },
                {
                    "last_affected": "3.2.1"
                }
            ]
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:wso2:identity_server:5.11.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:wso2:identity_server:6.0.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:wso2:identity_server:6.1.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:wso2:identity_server:7.0.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:wso2:identity_server:7.1.0:-:*:*:*:*:*:*"
            ],
            "vendor_product": "wso2:identity_server",
            "extracted_events": [
                {
                    "introduced": "5.10.0"
                },
                {
                    "last_affected": "5.10.0"
                },
                {
                    "introduced": "5.11.0"
                },
                {
                    "last_affected": "5.11.0"
                },
                {
                    "introduced": "6.0.0-NA"
                },
                {
                    "last_affected": "6.0.0-NA"
                },
                {
                    "introduced": "6.1.0-NA"
                },
                {
                    "last_affected": "6.1.0-NA"
                },
                {
                    "introduced": "7.0.0-NA"
                },
                {
                    "last_affected": "7.0.0-NA"
                },
                {
                    "introduced": "7.1.0-NA"
                },
                {
                    "last_affected": "7.1.0-NA"
                }
            ]
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "wso2:identity_server_as_key_manager",
            "extracted_events": [
                {
                    "introduced": "5.10.0"
                },
                {
                    "last_affected": "5.10.0"
                }
            ]
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:wso2:open_banking_am:2.0.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "wso2:open_banking_am",
            "extracted_events": [
                {
                    "introduced": "2.0.0"
                },
                {
                    "last_affected": "2.0.0"
                }
            ]
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "wso2:open_banking_iam",
            "extracted_events": [
                {
                    "introduced": "2.0.0"
                },
                {
                    "last_affected": "2.0.0"
                }
            ]
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:wso2:traffic_manager:4.5.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "wso2:traffic_manager",
            "extracted_events": [
                {
                    "introduced": "4.5.0"
                },
                {
                    "last_affected": "4.5.0"
                }
            ]
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:wso2:universal_gateway:4.5.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "wso2:universal_gateway",
            "extracted_events": [
                {
                    "introduced": "4.5.0"
                },
                {
                    "last_affected": "4.5.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/wso2/product-apim

Affected ranges

Type
GIT
Repo
https://github.com/wso2/product-apim
Events
Database specific
{
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "3.1.0"
        },
        {
            "last_affected": "3.1.0"
        },
        {
            "introduced": "3.2.0"
        },
        {
            "last_affected": "3.2.0"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.0.0"
        },
        {
            "introduced": "4.1.0-NA"
        },
        {
            "last_affected": "4.1.0-NA"
        },
        {
            "introduced": "4.2.0-NA"
        },
        {
            "last_affected": "4.2.0-NA"
        },
        {
            "introduced": "4.3.0-NA"
        },
        {
            "last_affected": "4.3.0-NA"
        },
        {
            "introduced": "4.4.0-NA"
        },
        {
            "last_affected": "4.4.0-NA"
        },
        {
            "introduced": "4.5.0-NA"
        },
        {
            "last_affected": "4.5.0-NA"
        }
    ],
    "cpe": [
        "cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:4.1.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:4.2.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:4.3.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:4.4.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager:4.5.0:-:*:*:*:*:*:*"
    ]
}

Affected versions

3.*
3.1.0
3.2.0
4.*
4.0.0
4.0.0-beta
4.1.0-NA
4.2.0-NA
4.3.0-NA
4.4.0-NA
4.5.0-NA
v3.*
v3.1.0
v3.1.0-rc3
v3.2.0
v3.2.0-alpha
v3.2.0-beta
v3.2.0-m1
v3.2.0-rc1
v3.2.0-rc2
v3.2.0-rc3
v3.2.0-rc4
v3.2.0-rc5
v3.2.0-rc6
v4.*
v4.0.0
v4.0.0-alpha
v4.0.0-beta
v4.0.0-m1
v4.0.0-m2
v4.0.0-m3
v4.0.0-m4
v4.0.0-m5
v4.0.0-m6
v4.0.0-m7
v4.0.0-m8
v4.0.0-rc
v4.1.0
v4.1.0-alpha
v4.1.0-beta
v4.1.0-m1
v4.1.0-m2
v4.1.0-m3
v4.1.0-m4
v4.1.0-rc
v4.1.0-rc2
v4.1.0-rc3
v4.2.0
v4.2.0-alpha
v4.2.0-beta
v4.2.0-m1
v4.2.0-rc
v4.2.0-rc2
v4.3.0
v4.3.0-alpha
v4.3.0-alpha2
v4.3.0-beta
v4.3.0-m2
v4.3.0-rc
v4.3.0-rc2
v4.4.0
v4.4.0-alpha
v4.4.0-beta
v4.4.0-m1
v4.4.0-rc
v4.4.0-rc2
v4.5.0-acp
v4.5.0-acp-alpha
v4.5.0-acp-beta
v4.5.0-acp-m1
v4.5.0-acp-rc
v4.5.0-acp-rc2
v4.5.0-beta
v4.5.0-gw-alpha
v4.5.0-gw-beta
v4.5.0-gw-m1
v4.5.0-gw-rc
v4.5.0-m1
v4.5.0-m2
v4.5.0-rc
v4.5.0-tm
v4.5.0-tm-alpha
v4.5.0-tm-beta
v4.5.0-tm-m1
v4.5.0-tm-rc
v4.5.0-tm-rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5605.json"

Git / github.com/wso2/product-ei

Affected ranges

Type
GIT
Repo
https://github.com/wso2/product-ei
Events
Database specific
{
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "6.6.0"
        },
        {
            "last_affected": "6.6.0"
        }
    ],
    "cpe": "cpe:2.3:a:wso2:enterprise_integrator:6.6.0:*:*:*:*:*:*:*"
}

Affected versions

6.*
6.6.0
v6.*
v6.6.0
v6.6.0-rc3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5605.json"