Moderate severity · NVD Advisory · Published Nov 5, 2025 · Updated Nov 5, 2025
XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration
CVE-2025-10713
Description
An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities.
A successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.wso2.carbon.mediation:org.wso2.carbon.localentry (Maven) | >= 0 | — |
Affected products (5)
- Range: 4.7.30
- Range: 4.5.0
- WSO2/WSO2 Open Banking IAM · v5 · Range: 2.0.0
- WSO2/WSO2 Universal Gateway · v5 · Range: 4.5.0
References (6)
- github.com/advisories/GHSA-fvfq-q238-j7j3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-10713 (ghsa, ADVISORY)
- security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4505/ (mitre, vendor-advisory)
- github.com/wso2/carbon-mediation/commit/b995b2f1db96a4697791f0202cc8713f15640fd5 (ghsa, WEB)
- github.com/wso2/carbon-mediation/pull/1784 (ghsa, WEB)
- security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4505 (ghsa, WEB)