CVE-2025-1862
published 2025-09-26


Priority: P3 (51)
CVSS 3.1: 7.2 (high)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% (39.1th percentile)
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By leveraging this vulnerability, an attacker can upload a specially crafted payload and achieve remote code execution (RCE), potentially compromising the server and its data.

Affected

14 ranges (7 listed at product level only, 7 with version data)

Vendor | Product | Version range | Fixed in
wso2 | enterprise_integrator | (not given) | (not given)
wso2 | identity_server | (not given) | (not given)
wso2 | identity_server | (not given) | (not given)
wso2 | identity_server | (not given) | (not given)
wso2 | identity_server | (not given) | (not given)
wso2 | identity_server_as_key_manager | (not given) | (not given)
wso2 | open_banking_iam | (not given) | (not given)
wso2 | wso2_enterprise_integrator | >= 6.6.0, < 6.6.0.215 | 6.6.0.215
wso2 | wso2_identity_server | >= 5.10.0, < 5.10.0.347 | 5.10.0.347
wso2 | wso2_identity_server | >= 5.11.0, < 5.11.0.396 | 5.11.0.396
wso2 | wso2_identity_server | >= 6.0.0, < 6.0.0.232 | 6.0.0.232
wso2 | wso2_identity_server | >= 6.1.0, < 6.1.0.224 | 6.1.0.224
wso2 | wso2_identity_server_as_key_manager | >= 5.10.0, < 5.10.0.340 | 5.10.0.340
wso2 | wso2_open_banking_iam | >= 2.0.0, < 2.0.0.391 | 2.0.0.391

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_redhat | (not given) | 5.5 | MEDIUM | (not given)