Unrated severity · NVD Advisory · Published Sep 23, 2025 · Updated Oct 31, 2025
Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service
CVE-2025-5717
Description
An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan containing malicious Java code, resulting in arbitrary code execution on the server.
Exploitation of this vulnerability requires a valid user account with administrative privileges, limiting the attack surface to authenticated but potentially malicious users.
Affected products
1- Range: 4.5.0