VYPR
Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Oct 17, 2025

Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs

CVE-2025-9804

Description

An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level information.

This vulnerability affects only internal administrative interfaces. APIs exposed through the WSO2 API Manager's API Gateway remain unaffected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.