Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2025-10907

🗓️ 05 Nov 2025 18:03:49Reported by WSO2Type 
cve
 cve🔗 web.nvd.nist.gov👁 21 Views

Authenticated file upload in Wso2 SOAP admin services may enable remote code execution by administrators.

Related
Detection
Affected
Refs
NVD
CNA
Node
wso2api_control_planeMatch4.5.0-
OR
wso2api_managerMatch3.1.0
OR
wso2api_managerMatch3.2.0
OR
wso2api_managerMatch3.2.1
OR
wso2api_managerMatch4.0.0
OR
wso2api_managerMatch4.1.0-
OR
wso2api_managerMatch4.2.0-
OR
wso2api_managerMatch4.3.0-
OR
wso2api_managerMatch4.4.0-
OR
wso2api_managerMatch4.5.0-
OR
wso2enterprise_integratorMatch6.6.0
OR
wso2identity_serverMatch5.10.0
OR
wso2identity_serverMatch5.11.0
OR
wso2identity_serverMatch6.0.0-
OR
wso2identity_serverMatch6.1.0-
OR
wso2identity_serverMatch7.0.0-
OR
wso2identity_serverMatch7.1.0-
OR
wso2identity_server_as_key_managerMatch5.10.0
OR
wso2open_banking_amMatch2.0.0
OR
wso2open_banking_iamMatch2.0.0
OR
wso2traffic_managerMatch4.5.0
OR
wso2universal_gatewayMatch4.5.0
[
  {
    "defaultStatus": "unaffected",
    "product": "WSO2 API Manager",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "3.1.0",
        "status": "unknown",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "3.1.0.345",
        "status": "affected",
        "version": "3.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "3.2.0.448",
        "status": "affected",
        "version": "3.2.0",
        "versionType": "custom"
      },
      {
        "lessThan": "3.2.1.66",
        "status": "affected",
        "version": "3.2.1",
        "versionType": "custom"
      },
      {
        "lessThan": "4.0.0.367",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.1.0.230",
        "status": "affected",
        "version": "4.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.2.0.169",
        "status": "affected",
        "version": "4.2.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.0.81",
        "status": "affected",
        "version": "4.3.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.4.0.45",
        "status": "affected",
        "version": "4.4.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.5.0.28",
        "status": "affected",
        "version": "4.5.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WSO2 Open Banking IAM",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "unknown",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "2.0.0.414",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WSO2 Open Banking AM",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "unknown",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "2.0.0.394",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WSO2 API Control Plane",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "4.5.0.29",
        "status": "affected",
        "version": "4.5.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WSO2 Universal Gateway",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "4.5.0.27",
        "status": "affected",
        "version": "4.5.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WSO2 Traffic Manager",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "4.5.0.27",
        "status": "affected",
        "version": "4.5.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WSO2 Micro Integrator",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "4.0.0",
        "status": "unknown",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.0.0.145",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.1.0.147",
        "status": "affected",
        "version": "4.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.2.0.141",
        "status": "affected",
        "version": "4.2.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WSO2 Identity Server",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "5.10.0",
        "status": "unknown",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "5.10.0.375",
        "status": "affected",
        "version": "5.10.0",
        "versionType": "custom"
      },
      {
        "lessThan": "5.11.0.419",
        "status": "affected",
        "version": "5.11.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.0.0.248",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.1.0.248",
        "status": "affected",
        "version": "6.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0.0.124",
        "status": "affected",
        "version": "7.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.1.0.31",
        "status": "affected",
        "version": "7.1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WSO2 Identity Server as Key Manager",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "5.10.0",
        "status": "unknown",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "5.10.0.365",
        "status": "affected",
        "version": "5.10.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WSO2 Enterprise Integrator",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "6.6.0",
        "status": "unknown",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.6.0.224",
        "status": "affected",
        "version": "6.6.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "packageName": "org.jaggeryjs:org.jaggeryjs.jaggery.app.mgt",
    "product": "org.jaggeryjs:org.jaggeryjs.jaggery.app.mgt",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "0.14.13.8",
        "status": "affected",
        "version": "0.14.13",
        "versionType": "custom"
      },
      {
        "lessThan": "0.14.16.1",
        "status": "affected",
        "version": "0.14.16",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "packageName": "org.wso2.carbon.event-processing:org.wso2.carbon.event.simulator.core",
    "product": "org.wso2.carbon.event-processing:org.wso2.carbon.event.simulator.core",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "2.2.14.7",
        "status": "affected",
        "version": "2.2.14",
        "versionType": "custom"
      },
      {
        "lessThan": "2.2.17.2",
        "status": "affected",
        "version": "2.2.17",
        "versionType": "custom"
      },
      {
        "lessThan": "2.3.1.3",
        "status": "affected",
        "version": "2.3.1",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "version": "2.3.19",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "packageName": "org.wso2.carbon.mediation:org.wso2.carbon.mediation.library",
    "product": "org.wso2.carbon.mediation:org.wso2.carbon.mediation.library",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "4.7.30.47",
        "status": "affected",
        "version": "4.7.30",
        "versionType": "custom"
      },
      {
        "lessThan": "4.7.61.62",
        "status": "affected",
        "version": "4.7.61",
        "versionType": "custom"
      },
      {
        "lessThan": "4.7.99.304",
        "status": "affected",
        "version": "4.7.99",
        "versionType": "custom"
      },
      {
        "lessThan": "4.7.131.22",
        "status": "affected",
        "version": "4.7.131",
        "versionType": "custom"
      },
      {
        "lessThan": "4.7.175.30",
        "status": "affected",
        "version": "4.7.175",
        "versionType": "custom"
      },
      {
        "lessThan": "4.7.188.12",
        "status": "affected",
        "version": "4.7.188",
        "versionType": "custom"
      },
      {
        "lessThan": "4.7.204.13",
        "status": "affected",
        "version": "4.7.204",
        "versionType": "custom"
      },
      {
        "lessThan": "4.7.221.7",
        "status": "affected",
        "version": "4.7.221",
        "versionType": "custom"
      },
      {
        "lessThan": "4.7.245.7",
        "status": "affected",
        "version": "4.7.245",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "version": "4.7.262",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "packageName": "org.wso2.carbon.deployment:org.wso2.carbon.module.mgt",
    "product": "org.wso2.carbon.deployment:org.wso2.carbon.module.mgt",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "4.9.15.2",
        "status": "affected",
        "version": "4.9.15",
        "versionType": "custom"
      },
      {
        "lessThan": "4.10.1.1",
        "status": "affected",
        "version": "4.10.1",
        "versionType": "custom"
      },
      {
        "lessThan": "4.10.9.2",
        "status": "affected",
        "version": "4.10.9",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.1.3",
        "status": "affected",
        "version": "4.11.1",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.3.3",
        "status": "affected",
        "version": "4.11.3",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.7.5",
        "status": "affected",
        "version": "4.11.7",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.14.2",
        "status": "affected",
        "version": "4.11.14",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.17.3",
        "status": "affected",
        "version": "4.11.17",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.18.1",
        "status": "affected",
        "version": "4.11.18",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "version": "4.11.24",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "packageName": "org.wso2.carbon.deployment:org.wso2.carbon.webapp.mgt",
    "product": "org.wso2.carbon.deployment:org.wso2.carbon.webapp.mgt",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "4.10.1.1",
        "status": "affected",
        "version": "4.10.1",
        "versionType": "custom"
      },
      {
        "lessThan": "4.10.9.2",
        "status": "affected",
        "version": "4.10.9",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.1.3",
        "status": "affected",
        "version": "4.11.1",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.3.3",
        "status": "affected",
        "version": "4.11.3",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.7.5",
        "status": "affected",
        "version": "4.11.7",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.14.2",
        "status": "affected",
        "version": "4.11.14",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.17.3",
        "status": "affected",
        "version": "4.11.17",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.18.1",
        "status": "affected",
        "version": "4.11.18",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "version": "4.11.24",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "packageName": "org.apache.ws.commons.axiom.wso2:axiom",
    "product": "org.apache.ws.commons.axiom.wso2:axiom",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "1.2.11.wso2v17_5",
        "status": "affected",
        "version": "1.2.11",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "version": "1.2.11-wso2v21",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "packageName": "org.wso2.carbon:org.wso2.carbon.base",
    "product": "org.wso2.carbon:org.wso2.carbon.base",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "4.5.3.46",
        "status": "affected",
        "version": "4.5.3",
        "versionType": "custom"
      },
      {
        "lessThan": "4.6.0.2005",
        "status": "affected",
        "version": "4.6.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.6.1.153",
        "status": "affected",
        "version": "4.6.1",
        "versionType": "custom"
      },
      {
        "lessThan": "4.6.2.668",
        "status": "affected",
        "version": "4.6.2",
        "versionType": "custom"
      },
      {
        "lessThan": "4.6.3.37",
        "status": "affected",
        "version": "4.6.3",
        "versionType": "custom"
      },
      {
        "lessThan": "4.6.4.15",
        "status": "affected",
        "version": "4.6.4",
        "versionType": "custom"
      },
      {
        "lessThan": "4.7.1.72",
        "status": "affected",
        "version": "4.7.1",
        "versionType": "custom"
      },
      {
        "lessThan": "4.8.1.40",
        "status": "affected",
        "version": "4.8.1",
        "versionType": "custom"
      },
      {
        "lessThan": "4.9.0.103",
        "status": "affected",
        "version": "4.9.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.9.26.26",
        "status": "affected",
        "version": "4.9.26",
        "versionType": "custom"
      },
      {
        "lessThan": "4.9.27.11",
        "status": "affected",
        "version": "4.9.27",
        "versionType": "custom"
      },
      {
        "lessThan": "4.9.28.12",
        "status": "affected",
        "version": "4.9.28",
        "versionType": "custom"
      },
      {
        "lessThan": "4.10.9.71",
        "status": "affected",
        "version": "4.10.9",
        "versionType": "custom"
      },
      {
        "lessThan": "4.10.42.14",
        "status": "affected",
        "version": "4.10.42",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.9.*",
        "status": "unaffected",
        "version": "4.9.30",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "version": "4.10.95",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "packageName": "org.wso2.carbon:org.wso2.carbon.utils",
    "product": "org.wso2.carbon:org.wso2.carbon.utils",
    "vendor": "WSO2",
    "versions": [
      {
        "lessThan": "4.5.3.46",
        "status": "affected",
        "version": "4.5.3",
        "versionType": "custom"
      },
      {
        "lessThan": "4.6.0.2005",
        "status": "affected",
        "version": "4.6.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.6.1.153",
        "status": "affected",
        "version": "4.6.1",
        "versionType": "custom"
      },
      {
        "lessThan": "4.6.2.668",
        "status": "affected",
        "version": "4.6.2",
        "versionType": "custom"
      },
      {
        "lessThan": "4.6.3.37",
        "status": "affected",
        "version": "4.6.3",
        "versionType": "custom"
      },
      {
        "lessThan": "4.6.4.15",
        "status": "affected",
        "version": "4.6.4",
        "versionType": "custom"
      },
      {
        "lessThan": "4.7.1.72",
        "status": "affected",
        "version": "4.7.1",
        "versionType": "custom"
      },
      {
        "lessThan": "4.8.1.40",
        "status": "affected",
        "version": "4.8.1",
        "versionType": "custom"
      },
      {
        "lessThan": "4.9.0.103",
        "status": "affected",
        "version": "4.9.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.9.26.26",
        "status": "affected",
        "version": "4.9.26",
        "versionType": "custom"
      },
      {
        "lessThan": "4.9.27.11",
        "status": "affected",
        "version": "4.9.27",
        "versionType": "custom"
      },
      {
        "lessThan": "4.9.28.12",
        "status": "affected",
        "version": "4.9.28",
        "versionType": "custom"
      },
      {
        "lessThan": "4.10.9.71",
        "status": "affected",
        "version": "4.10.9",
        "versionType": "custom"
      },
      {
        "lessThan": "4.10.42.14",
        "status": "affected",
        "version": "4.10.42",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.9.*",
        "status": "unaffected",
        "version": "4.9.30",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "version": "4.10.95",
        "versionType": "custom"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 08:29Current
7.9High risk
Vulners AI Score7.9
CVSS 3.17.2 - 8.4
EPSS0.00518
SSVC
CWE-434
authenticated accessfile uploadwso2 productssoap admin servicesremote code executionadministrative privileges
21