Description

An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level information. This vulnerability affects only internal administrative interfaces. APIs exposed through the WSO2 API Manager's API Gateway remain unaffected.

PUBLISHED Reserved 2025-09-01 | Published 2025-10-16 | Updated 2025-10-17 | Assigner WSO2

CRITICAL: 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (for WSO2 API Manager)

HIGH: 8.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L (for WSO2 Identity Server)

Product status

Default status
unaffected

Any version before 5.3.0
unknown

5.3.0 (custom) before 5.3.0.41
affected

5.5.0 (custom) before 5.5.0.53
affected

5.6.0 (custom) before 5.6.0.75
affected

5.7.0 (custom) before 5.7.0.125
affected

5.9.0 (custom) before 5.9.0.176
affected

5.10.0 (custom) before 5.10.0.359
affected

Default status
unaffected

Any version before 5.2.0
unknown

5.2.0 (custom) before 5.2.0.34
affected

5.3.0 (custom) before 5.3.0.36
affected

5.4.0 (custom) before 5.4.0.34
affected

5.4.1 (custom) before 5.4.1.38
affected

5.5.0 (custom) before 5.5.0.52
affected

5.6.0 (custom) before 5.6.0.60
affected

5.7.0 (custom) before 5.7.0.126
affected

5.8.0 (custom) before 5.8.0.110
affected

5.9.0 (custom) before 5.9.0.169
affected

5.10.0 (custom) before 5.10.0.369
affected

5.11.0 (custom) before 5.11.0.413
affected

6.0.0 (custom) before 6.0.0.244
affected

6.1.0 (custom) before 6.1.0.243
affected

7.0.0 (custom) before 7.0.0.118
affected

7.1.0 (custom) before 7.1.0.25
affected

Default status
unaffected

Any version before 1.4.0
unknown

1.4.0 (custom) before 1.4.0.133
affected

1.5.0 (custom) before 1.5.0.123
affected

Default status
unaffected

Any version before 2.0.0
unknown

2.0.0 (custom) before 2.0.0.409
affected

Default status
unaffected

Any version before 1.4.0
unknown

1.4.0 (custom) before 1.4.0.139
affected

1.5.0 (custom) before 1.5.0.140
affected

2.0.0 (custom) before 2.0.0.389
affected

Default status
unaffected

Any version before 2.0.0
unknown

2.0.0 (custom) before 2.0.0.31
affected

2.1.0 (custom) before 2.1.0.40
affected

2.2.0 (custom) before 2.2.0.59
affected

2.5.0 (custom) before 2.5.0.85
affected

2.6.0 (custom) before 2.6.0.146
affected

3.0.0 (custom) before 3.0.0.176
affected

3.1.0 (custom) before 3.1.0.340
affected

3.2.0 (custom) before 3.2.0.441
affected

3.2.1 (custom) before 3.2.1.61
affected

4.0.0 (custom) before 4.0.0.361
affected

4.1.0 (custom) before 4.1.0.224
affected

4.2.0 (custom) before 4.2.0.162
affected

4.3.0 (custom) before 4.3.0.75
affected

4.4.0 (custom) before 4.4.0.39
affected

4.5.0 (custom) before 4.5.0.23
affected

Default status
unaffected

Any version before 5.2.0
unknown

5.2.0 (custom) before 5.2.0.19
affected

5.3.0 (custom) before 5.3.0.17
affected

5.5.0 (custom) before 5.5.0.31
affected

5.6.0 (custom) before 5.6.0.38
affected

Default status
unaffected

Any version before 2.0.0
unknown

2.0.0 (custom) before 2.0.0.14
affected

2.1.0 (custom) before 2.1.0.19
affected

2.2.0 (custom) before 2.2.0.30
affected

2.5.0 (custom) before 2.5.0.39
affected

Default status
unaffected

Any version before 6.2.0
unknown

6.2.0 (custom) before 6.2.0.62
affected

6.3.0 (custom) before 6.3.0.70
affected

Default status
unaffected

Any version before 5.0.0
unknown

5.0.0 (custom) before 5.0.0.13
affected

Default status
unaffected

Any version before 3.1.0
unknown

3.1.0 (custom) before 3.1.0.20
affected

3.2.0 (custom) before 3.2.0.33
affected

Default status
unaffected

Any version before 2.2.0
unknown

2.2.0 (custom) before 2.2.0.28
affected

Default status
unaffected

4.5.0 (custom) before 4.5.0.22
affected

Default status
unaffected

4.5.0 (custom) before 4.5.0.24
affected

Default status
unaffected

4.5.0 (custom) before 4.5.0.22
affected

Default status
unknown

2.0.10 (custom) before 2.0.10.1
affected

2.0.15 (custom) before 2.0.15.1
affected

2.0.21 (custom) before 2.0.21.1
affected

2.0.22 (custom) before 2.0.22.1
affected

2.1.12 (custom) before 2.1.12.1
affected

2.1 (custom) before 2.1.1972
affected

2.2 (custom) before 2.2.24
affected

2.2 (custom) before 2.2.25
affected

3.1.0 (custom) before 3.1.0.74
affected

3.3.6 (custom) before 3.3.6.7
affected

3.3.26 (custom) before 3.3.26.2
affected

3.3.35 (custom) before 3.3.35.1
affected

3.3.41 (custom)
unaffected

Default status
unknown

6.7.206 (custom) before 6.7.206.567
affected

6.7.210 (custom) before 6.7.210.63
affected

9.0.174 (custom) before 9.0.174.522
affected

9.20.74 (custom) before 9.20.74.379
affected

9.28.116 (custom) before 9.28.116.360
affected

9.29.120 (custom) before 9.29.120.184
affected

9.30.67 (custom) before 9.30.67.109
affected

9.31.86 (custom) before 9.31.86.71
affected

9.32.133 (custom)
unaffected

Default status
unknown

4.4.7 (custom) before 4.4.7.6
affected

4.4.9 (custom) before 4.4.9.11
affected

4.4.11 (custom) before 4.4.11.9
affected

4.4.26 (custom) before 4.4.26.12
affected

4.4.35 (custom) before 4.4.35.44
affected

4.5.1 (custom) before 4.5.1.43
affected

4.6.0 (custom) before 4.6.0.1990
affected

4.6.1 (custom) before 4.6.1.149
affected

4.6.2 (custom) before 4.6.2.667
affected

4.6.3 (custom) before 4.6.3.36
affected

4.6.4 (custom) before 4.6.4.14
affected

4.7.1 (custom) before 4.7.1.68
affected

4.8.1 (custom) before 4.8.1.39
affected

4.9.0 (custom) before 4.9.0.99
affected

4.9.26 (custom) before 4.9.26.25
affected

4.9.27 (custom) before 4.9.27.10
affected

4.9.28 (custom) before 4.9.28.11
affected

4.10.9 (custom) before 4.10.9.66
affected

4.10.42 (custom) before 4.10.42.9
affected

4.9 (custom) before 4.9.29
affected

4.10 (custom) before 4.10.94
affected

Default status
unknown

5.2.0 (custom) before 5.2.0.4
affected

5.2.2 (custom) before 5.2.2.21
affected

5.7.5 (custom) before 5.7.5.18
affected

5.11.148 (custom) before 5.11.148.19
affected

5.11.256 (custom) before 5.11.256.21
affected

5.12.153 (custom) before 5.12.153.63
affected

5.12.387 (custom) before 5.12.387.46
affected

5.14.97 (custom) before 5.14.97.89
affected

5.17.5 (custom) before 5.17.5.317
affected

5.17.118 (custom) before 5.17.118.17
affected

5.18.187 (custom) before 5.18.187.309
affected

5.18.248 (custom) before 5.18.248.30
affected

5.23.8 (custom) before 5.23.8.207
affected

5.24.8 (custom) before 5.24.8.23
affected

5.25.92 (custom) before 5.25.92.152
affected

5.25.705 (custom) before 5.25.705.19
affected

5.25.713 (custom) before 5.25.713.9
affected

5.25.724 (custom) before 5.25.724.3
affected

7.0.78 (custom) before 7.0.78.133
affected

7.8.23 (custom) before 7.8.23.47
affected

5.25 (custom) before 5.25.734
affected

7.8.489 (custom)
unaffected

Default status
unknown

4.4.7 (custom) before 4.4.7.6
affected

4.4.9 (custom) before 4.4.9.11
affected

4.4.11 (custom) before 4.4.11.9
affected

4.4.26 (custom) before 4.4.26.12
affected

4.4.32 (custom) before 4.4.32.16
affected

4.4.35 (custom) before 4.4.35.44
affected

4.5.1 (custom) before 4.5.1.43
affected

4.6.0 (custom) before 4.6.0.1990
affected

4.6.1 (custom) before 4.6.1.149
affected

4.6.2 (custom) before 4.6.2.667
affected

4.6.3 (custom) before 4.6.3.36
affected

4.6.4 (custom) before 4.6.4.14
affected

4.7.1 (custom) before 4.7.1.68
affected

4.8.1 (custom) before 4.8.1.39
affected

4.9.0 (custom) before 4.9.0.99
affected

4.9.26 (custom) before 4.9.26.25
affected

4.9.27 (custom) before 4.9.27.10
affected

4.9.28 (custom) before 4.9.28.11
affected

4.10.9 (custom) before 4.10.9.66
affected

4.10.42 (custom) before 4.10.42.9
affected

4.9 (custom) before 4.9.29
affected

4.10 (custom) before 4.10.94
affected

Default status
unknown

5.1.1 (custom) before 5.1.1.1
affected

5.1.2 (custom) before 5.1.2.1
affected

5.1.5 (custom) before 5.1.5.1
affected

5.3.3 (custom) before 5.3.3.1
affected

5.4.0 (custom) before 5.4.0.4
affected

5.4.1 (custom) before 5.4.1.5
affected

5.6.0 (custom) before 5.6.0.1
affected

5.6.21 (custom)
unaffected

Credits

crnković (reporter)

References

security.docs.wso2.com/...ty-advisories/2025/WSO2-2025-4503/ (vendor advisory)

cve.org (CVE-2025-9804)

nvd.nist.gov (CVE-2025-9804)