CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Default status: unaffected
Any version before 2.1.0: unknown
2.1.0 (custom) before 2.1.0.42: affected
2.2.0 (custom) before 2.2.0.61: affected
2.5.0 (custom) before 2.5.0.87: affected
2.6.0 (custom) before 2.6.0.148: affected
3.0.0 (custom) before 3.0.0.178: affected
3.1.0 (custom) before 3.1.0.345: affected
3.2.0 (custom) before 3.2.0.446: affected
3.2.1 (custom) before 3.2.1.66: affected
4.0.0 (custom) before 4.0.0.366: affected
4.1.0 (custom) before 4.1.0.228: affected
4.2.0 (custom) before 4.2.0.169: affected
4.3.0 (custom) before 4.3.0.81: affected
4.4.0 (custom) before 4.4.0.45: affected
4.5.0 (custom) before 4.5.0.28: affected

Default status: unaffected
4.5.0 (custom) before 4.5.0.29: affected

Default status: unaffected
Any version before 1.4.0: unknown
1.4.0 (custom) before 1.4.0.141: affected
1.5.0 (custom) before 1.5.0.142: affected
2.0.0 (custom) before 2.0.0.394: affected

Default status: unaffected
Any version before 2.0.0: unknown
2.0.0 (custom) before 2.0.0.414: affected

Default status: unaffected
Any version before 5.3.0: unknown
5.3.0 (custom) before 5.3.0.39: affected
5.5.0 (custom) before 5.5.0.54: affected
5.6.0 (custom) before 5.6.0.62: affected
5.7.0 (custom) before 5.7.0.128: affected
5.8.0 (custom) before 5.8.0.112: affected
5.9.0 (custom) before 5.9.0.171: affected
5.10.0 (custom) before 5.10.0.375: affected
5.11.0 (custom) before 5.11.0.419: affected
6.0.0 (custom) before 6.0.0.248: affected
6.1.0 (custom) before 6.1.0.248: affected
7.0.0 (custom) before 7.0.0.124: affected
7.1.0 (custom) before 7.1.0.31: affected

Default status: unaffected
Any version before 5.3.0: unknown
5.3.0 (custom) before 5.3.0.44: affected
5.5.0 (custom) before 5.5.0.55: affected
5.6.0 (custom) before 5.6.0.77: affected
5.7.0 (custom) before 5.7.0.127: affected
5.9.0 (custom) before 5.9.0.178: affected
5.10.0 (custom) before 5.10.0.365: affected

Default status: unaffected
Any version before 1.4.0: unknown
1.4.0 (custom) before 1.4.0.135: affected
1.5.0 (custom) before 1.5.0.125: affected

Default status: unaffected
4.5.0 (custom) before 4.5.0.27: affected

Default status: unaffected
4.5.0 (custom) before 4.5.0.27: affected

Default status: unknown
1.1.1 (custom) before 1.1.1.7: affected
1.1.16 (custom) before 1.1.16.6: affected
1.1.18 (custom) before 1.1.18.7: affected
1.1.20 (custom) before 1.1.20.9: affected
1.1.26 (custom) before 1.1.26.11: affected
1.3.6 (custom) before 1.3.6.11: affected
1.4.0 (custom) before 1.4.0.21: affected
1.4.25 (custom) before 1.4.25.27: affected
1.4.52 (custom) before 1.4.52.6: affected
1.6.1 (custom) before 1.6.1.12: affected
1.7.1 (custom) before 1.7.1.7: affected
1.8.11 (custom) before 1.8.11.8: affected
1.8.41 (custom) before 1.8.41.4: affected
1.9.4 (custom) before 1.9.4.9: affected
1.9.18 (custom) before 1.9.18.7: affected
1.8 (custom) before 1.8.48: affected
1.9.46 (custom): unaffected

Default status: unknown
1.1.1 (custom) before 1.1.1.7: affected
1.1.16 (custom) before 1.1.16.6: affected
1.1.18 (custom) before 1.1.18.7: affected
1.1.20 (custom) before 1.1.20.9: affected
1.1.26 (custom) before 1.1.26.11: affected
1.3.6 (custom) before 1.3.6.11: affected
1.4.0 (custom) before 1.4.0.21: affected
1.4.25 (custom) before 1.4.25.27: affected
1.4.52 (custom) before 1.4.52.6: affected
1.6.1 (custom) before 1.6.1.12: affected
1.7.1 (custom) before 1.7.1.7: affected
1.8.11 (custom) before 1.8.11.8: affected
1.8.41 (custom) before 1.8.41.4: affected
1.9.4 (custom) before 1.9.4.9: affected
1.9.18 (custom) before 1.9.18.7: affected
1.8 (custom) before 1.8.48: affected
1.9.46 (custom): unaffected

Description
Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerability could lead to a malicious actor gaining administrative access and performing unauthenticated and unauthorized administrative operations.
References
security.docs.wso2.com/...ty-advisories/2025/WSO2-2025-4585/