VYPR
Unrated severityNVD Advisory· Published Oct 24, 2025· Updated Oct 24, 2025

Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure

CVE-2025-5605

Description

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.

The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • WSO2/WSO2 Open Banking IAMv5
    Range: 2.0.0
  • WSO2/WSO2 Universal Gatewayv5
    Range: 4.5.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.