Description

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE). This functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions.

PUBLISHED Reserved 2025-04-02 | Published 2025-11-05 | Updated 2025-11-05 | Assigner WSO2

MEDIUM: 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status: unaffected
- Any version before 5.10.0: unknown
- 5.10.0 (custom) before 5.10.0.360: affected
- 5.11.0 (custom) before 5.11.0.399: affected
- 6.0.0 (custom) before 6.0.0.235: affected
- 6.1.0 (custom) before 6.1.0.230: affected
- 7.0.0 (custom) before 7.0.0.101: affected
- 7.1.0 (custom) before 7.1.0.32: affected

Default status: unaffected
- Any version before 6.6.0: unknown
- 6.6.0 (custom) before 6.6.0.217: affected

Default status: unaffected
- Any version before 2.0.0: unknown
- 2.0.0 (custom) before 2.0.0.402: affected

Default status: unaffected
- Any version before 5.10.0: unknown
- 5.10.0 (custom) before 5.10.0.353: affected

Default status: unaffected
- Any version before 3.2.0: unknown
- 3.2.0 (custom) before 3.2.0.421: affected
- 3.2.1 (custom) before 3.2.1.41: affected
- 4.0.0 (custom) before 4.0.0.342: affected
- 4.1.0 (custom) before 4.1.0.203: affected
- 4.2.0 (custom) before 4.2.0.142: affected
- 4.3.0 (custom) before 4.3.0.55: affected
- 4.4.0 (custom) before 4.4.0.19: affected
- 4.5.0 (custom) before 4.5.0.2: affected

Default status: unaffected
- 4.5.0 (custom) before 4.5.0.2: affected

Default status: unaffected
- 4.5.0 (custom) before 4.5.0.2: affected

Default status: unaffected
- 4.5.0 (custom) before 4.5.0.2: affected

Default status: unknown
- 4.7.19 (custom) before 4.7.19.7: affected
- 4.7.32 (custom) before 4.7.32.5: affected
- 4.7.35 (custom) before 4.7.35.8: affected
- 4.7.39 (custom) before 4.7.39.1: affected
- 4.7.49 (custom) before 4.7.49.4: affected
- 4.7.52 (custom) before 4.7.52.1: affected
- 4.10.13 (custom) before 4.10.13.1: affected
- 4.9.12 (custom): unaffected
- 4.10.24 (custom): unaffected

Credits

Danh Nguyen (k4it0) from VIB Pentest Team (reporter)

References

security.docs.wso2.com/...ty-advisories/2025/WSO2-2025-3961/ vendor-advisory

cve.org (CVE-2025-3125)

nvd.nist.gov (CVE-2025-3125)