Unrated severityNVD Advisory· Published Oct 24, 2025· Updated Oct 24, 2025

Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure

CVE-2025-5605

Description

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.

The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.

Affected products

Wso2/Wso2 Traffic Managerv5
Range: 4.5.0
WSO2/WSO2 Open Banking IAMv5
Range: 2.0.0
WSO2/WSO2 Universal Gatewayv5
Range: 4.5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000