CVE-2025-5605
Published 2025-10-24
Priority P183 · medium · 5.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploited in the wild (ITW exploit · VulnCheck KEV)
EPSS: 0.81% (52.3rd percentile)
An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.
The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.
Affected (59 ranges · showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | cbl2_toolbox_0.0.18-9_on_cbl_mariner_2.0 | — | — |
| wso2 | api_control_plane | — | — |
| wso2 | api_manager | — | — |
| wso2 | api_manager | — | — |
| wso2 | api_manager | — | — |
| wso2 | api_manager | — | — |
| wso2 | api_manager | — | — |
| wso2 | api_manager | — | — |
| wso2 | api_manager | — | — |
| wso2 | api_manager | — | — |
| wso2 | api_manager | — | — |
| wso2 | enterprise_integrator | — | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server_as_key_manager | — | — |
| wso2 | open_banking_am | — | — |
| wso2 | open_banking_iam | — | — |
| wso2 | org.wso2.carbon_org.wso2.carbon.ui | >= 4.10.42 < 4.10.42.10 | 4.10.42.10 |
| wso2 | org.wso2.carbon_org.wso2.carbon.ui | >= 4.10.9 < 4.10.9.68 | 4.10.9.68 |
| wso2 | org.wso2.carbon_org.wso2.carbon.ui | >= 4.5.3 < 4.5.3.40 | 4.5.3.40 |
| wso2 | org.wso2.carbon_org.wso2.carbon.ui | >= 4.6.0 < 4.6.0.1224 | 4.6.0.1224 |
Detection & IOCs (extracted from sources)
- Detect authentication bypass attempts against WSO2 Management Console by looking for HTTP GET requests to '/carbon/server-admin/memory_info.jsp;.jar'; the semicolon-based URI manipulation is the bypass technique.
- A successful exploitation response will contain both 'Memory Statistics' and 'Collection Usage' in the HTTP 200 response body from an unauthenticated request.
- Use Shodan favicon hash 1398055326 to identify exposed WSO2 Management Console instances potentially vulnerable to CVE-2025-5605.
- The bypass relies on URI path manipulation using a semicolon suffix (';.jar') appended to a JSP endpoint to circumvent authentication checks in the WSO2 Management Console.
- Exploitation requires network access to the WSO2 Management Console; the vulnerability does not allow full account compromise, only partial information disclosure (memory statistics).
- The known exposure is limited to memory statistics endpoints; other restricted resources may or may not be accessible depending on the specific WSO2 product and version.
CVSS provenance
- NVD (v3.1): 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- VulnCheck: 4.3 MEDIUM
- Vendor (MSRC): 5.9 MEDIUM
GHSA
GHSA-p2f5-h899-464p · ghsa_unreviewed · 2025-10-24
CVE-2025-5605 [MEDIUM] CWE-290: An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products (description identical to the summary above).
VulnCheck
WSO2 api_control_plane Authentication Bypass by Spoofing
vulncheck · 2025 · CVSS 4.3
CVE-2025-5605 [MEDIUM] WSO2 api_control_plane Authentication Bypass by Spoofing (description identical to the summary above).
Affected: WSO2 api_control_plane
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer
Microsoft
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
vendor_msrc · 2019-10-08 · CVSS 5.9
CVE-2019-14959 [MEDIUM] CWE-319
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Customer Action Required: Yes
Remediation: CBL-
No detection rules found.
Nuclei
WSO2 Management Console - Authentication Bypass
nuclei · CVSS 5.3
CVE-2025-5605 [MEDIUM] WSO2 Management Console - Authentication Bypass (description identical to the summary above).
Template (as indexed, truncated):

```yaml
id: CVE-2025-5605
info:
  name: WSO2 Management Console - Authentication Bypass
  author: DhiyaneshDK
  severity: medium
  description: |
    An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with acc
```
No writeups or analysis indexed.
Timeline: 2025-10-24 published · exploited in the wild