EUVD-2025-197988

A missing authentication enforcement vulnerability exists in the mutual TLS mTLS implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...

CVE-2025-9312

CVE-2025-9312 relates to a missing authentication enforcement in WSO2 products’ mTLS implementation used by System REST APIs and SOAP services. The root cause is improper validation of client certificate–based authentication under certain default configurations, allowing unauthenticated requests ...

CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products

A missing authentication enforcement vulnerability exists in the mutual TLS mTLS implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...

EUVD-2025-34754

An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...

CVE-2025-9804

An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...

CVE-2025-9804

The CVE-2025-9804 entry concerns multiple WSO2 products (e.g., API Manager family) with an improper access-control flaw due to insufficient permission enforcement in internal SOAP Admin Services and System REST APIs. The root cause is limited access-control checks on internal interfaces, allowing...