4 matches found
CVE-2025-2905
Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity XXE resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...
CVE-2025-2905
creationtimestamp| type| source ---|---|--- 2025-05-05 09:18:55+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14842 2025-05-05 10:21:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3log5hwunmf2o 2025-05-05 13:01:47+00:00| seen|...
CVE-2025-2905
The CVE-2025-2905 entry describes an XML External Entity (XXE) vulnerability in the WSO2 API Manager gateway component due to insufficient validation of XML input. The issue allows unauthenticated remote attackers to read server filesystem files and perform denial-of-service (DoS) attacks. Affect...
CVE-2025-2905 An XML External Entity (XXE) vulnerability in Multiple WSO2 Products
Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity XXE resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...