Moderate severity · NVD Advisory · Published Nov 5, 2025 · Updated Nov 5, 2025

XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration

CVE-2025-10713

Description

An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities.

A successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.wso2.carbon.mediation:org.wso2.carbon.localentry (Maven) | >= 0 |

Affected products: 5

References: 6