2 matches found
CVE-2025-0663
A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged user in one tenant to forge authentication...
CVE-2025-0663
Summary: CVE-2025-0663 describes a cross-tenant authentication vulnerability in multiple WSO2 products due to a single cryptographic key used across all tenants to sign authentication cookies in Adaptive Authentication. This design flaw can allow a privileged user in one tenant to forge cookies f...