CVE-2025-3125P3HIGHCVSS 7.2≥ 4.7.19, < 4.7.19.7·≥ 4.7.32, < 4.7.32.5+5 more2025-11-05
CVE-2025-3125 [HIGH] CWE-434 CVE-2025-3125: An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input valida
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE).
This functionality is
nvd