Description

An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan containing malicious Java code, resulting in arbitrary code execution on the server. Exploitation of this vulnerability requires a valid user account with administrative privileges, limiting the attack surface to authenticated but potentially malicious users.

Status: PUBLISHED | Reserved 2025-06-05 | Published 2025-09-23 | Updated 2025-10-31 | Assigner: WSO2

Severity: MEDIUM 6.8 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status: unaffected
Any version before 3.0.0: unknown
3.0.0 (custom) before 3.0.0.174: affected
3.1.0 (custom) before 3.1.0.330: affected
3.2.0 (custom) before 3.2.0.426: affected
3.2.1 (custom) before 3.2.1.46: affected
4.0.0 (custom) before 4.0.0.344: affected
4.1.0 (custom) before 4.1.0.208: affected
4.2.0 (custom) before 4.2.0.147: affected
4.3.0 (custom) before 4.3.0.59: affected
4.4.0 (custom) before 4.4.0.22: affected
4.5.0 (custom) before 4.5.0.6: affected

Default status: unaffected
Any version before 2.0.0: unknown
2.0.0 (custom) before 2.0.0.379: affected

Default status: unaffected
4.5.0 (custom) before 4.5.0.6: affected

Default status: unaffected
4.5.0 (custom) before 4.5.0.6: affected

Default status: unknown
3.2.6 (custom) before 3.2.6.8: affected
3.2.7 (custom) before 3.2.7.6: affected
3.2.8 (custom) before 3.2.8.3: affected
3.2.10 (custom) before 3.2.10.1: affected
3.2.13 (custom) before 3.2.13.2: affected
3.2.14 (custom) before 3.2.14.1: affected
3.2.15 (custom): unaffected

Credits

Noël MACCARY (reporter)

References

security.docs.wso2.com/...ty-advisories/2025/WSO2-2025-4119/ (vendor advisory)

cve.org (CVE-2025-5717)

nvd.nist.gov (CVE-2025-5717)