CVE-2025-10907P3HIGHCVSS 7.2≥ 1.2.11, < 1.2.11.wso2v17_52025-11-05
CVE-2025-10907 [HIGH] CWE-434 CVE-2025-10907: An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validati
An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative privileges can upload a specially crafted file to a user-controlled location within the deployment.
Successful exploitation may lead to remote code exe
nvd