Wso2 Org.Wso2.Carbon Org.Wso2.Carbon.Base vulnerabilities
3 known vulnerabilities affecting wso2/org.wso2.carbon_org.wso2.carbon.base.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2025-10907 | P3 | HIGH | CVSS 7.2 | CWE-434 | Affected: ≥ 4.5.3, < 4.5.3.46; ≥ 4.6.0, < 4.6.0.2005; +12 more | 2025-11-05
An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative privileges can upload a specially crafted file to a user-controlled location within the deployment.
Successful exploitation may lead to remote code exe
nvd
CVE-2025-9804 | P3 | MEDIUM | CVSS 6.5 | CWE-284 | Affected: ≥ 4.4.7, < 4.4.7.6; ≥ 4.4.9, < 4.4.9.11; +19 more | 2025-10-16
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level information.
This vulnerability affects only internal admini
nvd
CVE-2025-9955 | P4 | MEDIUM | CVSS 5.7 | CWE-863 | Affected: ≥ 4.4.8, < 4.4.8.7; ≥ 4.4.14, < 4.4.14.5; +8 more | 2025-10-16
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details that are not intended to be exposed at that privilege level
nvd