4 matches found
CVE-2025-3125
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially...
CVE-2025-3125 Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially...
CVE-2025-3125
CVE-2025-3125 describes an arbitrary file upload vulnerability in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with administrative privileges can upload a malicious file to a user-controlled location on the serv...
PT-2025-45106
Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An issue exists where improper input validation in the CarbonAppUploader admin service endpoint allows an authenticated attacker with administrative privileges to upload a malicious fil...