CVE-2025-10907
Published: 2025-11-05

Priority: P3 (52) · Severity: high · CVSS 3.1 base score: 7.2
CVSS vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.49% (38.5th percentile)
An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative privileges can upload a specially crafted file to a user-controlled location within the deployment.
Successful exploitation may lead to remote code execution (RCE) on the server, depending on how the uploaded file is processed. By default, this vulnerability is only exploitable by users with administrative access to the affected SOAP services.
Affected
107 affected version ranges (showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wso2 | api_control_plane | — | — |
| wso2 | api_manager | — | — |
| wso2 | enterprise_integrator | — | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server_as_key_manager | — | — |
| wso2 | open_banking_am | — | — |
| wso2 | open_banking_iam | — | — |
| wso2 | org.apache.ws.commons.axiom.wso2_axiom | >= 1.2.11 < 1.2.11.wso2v17_5 | 1.2.11.wso2v17_5 |
| wso2 | org.jaggeryjs_org.jaggeryjs.jaggery.app.mgt | >= 0.14.13 < 0.14.13.8 | 0.14.13.8 |
| wso2 | org.jaggeryjs_org.jaggeryjs.jaggery.app.mgt | >= 0.14.16 < 0.14.16.1 | 0.14.16.1 |
| wso2 | org.wso2.carbon.deployment_org.wso2.carbon.module.mgt | >= 4.10.1 < 4.10.1.1 | 4.10.1.1 |
| wso2 | org.wso2.carbon.deployment_org.wso2.carbon.module.mgt | >= 4.10.9 < 4.10.9.2 | 4.10.9.2 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.