{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5605", "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "state": "PUBLISHED", "assignerShortName": "WSO2", "dateReserved": "2025-06-04T10:51:11.459Z", "datePublished": "2025-10-24T10:09:59.591Z", "dateUpdated": "2025-10-24T11:44:58.987Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WSO2 Identity Server", "vendor": "WSO2", "versions": [{"lessThan": "5.10.0", "status": "unknown", "version": "0", "versionType": "custom"}, {"lessThan": "5.10.0.361", "status": "affected", "version": "5.10.0", "versionType": "custom"}, {"lessThan": "5.11.0.414", "status": "affected", "version": "5.11.0", "versionType": "custom"}, {"lessThan": "6.0.0.245", "status": "affected", "version": "6.0.0", "versionType": "custom"}, {"lessThan": "6.1.0.244", "status": "affected", "version": "6.1.0", "versionType": "custom"}, {"lessThan": "7.0.0.119", "status": "affected", "version": "7.0.0", "versionType": "custom"}, {"lessThan": "7.1.0.25", "status": "affected", "version": "7.1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "WSO2 Enterprise Integrator", "vendor": "WSO2", "versions": [{"lessThan": "6.6.0", "status": "unknown", "version": "0", "versionType": "custom"}, {"lessThan": "6.6.0.217", "status": "affected", "version": "6.6.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "WSO2 Universal Gateway", "vendor": "WSO2", "versions": [{"lessThan": "4.5.0.10", "status": "affected", "version": "4.5.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "WSO2 Traffic Manager", "vendor": "WSO2", "versions": [{"lessThan": "4.5.0.10", "status": "affected", "version": "4.5.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "WSO2 API Manager", "vendor": "WSO2", "versions": [{"lessThan": "3.1.0", "status": "unknown", "version": "0", "versionType": "custom"}, {"lessThan": "3.1.0.334", "status": "affected", "version": "3.1.0", "versionType": "custom"}, {"lessThan": "3.2.0.430", "status": "affected", "version": "3.2.0", "versionType": "custom"}, {"lessThan": "3.2.1.48", "status": "affected", "version": "3.2.1", "versionType": "custom"}, {"lessThan": "4.0.0.346", "status": "affected", "version": "4.0.0", "versionType": "custom"}, {"lessThan": "4.1.0.210", "status": "affected", "version": "4.1.0", "versionType": "custom"}, {"lessThan": "4.2.0.148", "status": "affected", "version": "4.2.0", "versionType": "custom"}, {"lessThan": "4.3.0.61", "status": "affected", "version": "4.3.0", "versionType": "custom"}, {"lessThan": "4.4.0.24", "status": "affected", "version": "4.4.0", "versionType": "custom"}, {"lessThan": "4.5.0.10", "status": "affected", "version": "4.5.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "WSO2 API Control Plane", "vendor": "WSO2", "versions": [{"lessThan": "4.5.0.11", "status": "affected", "version": "4.5.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "WSO2 Identity Server as Key Manager", "vendor": "WSO2", "versions": [{"lessThan": "5.10.0", "status": "unknown", "version": "0", "versionType": "custom"}, {"lessThan": "5.10.0.354", "status": "affected", "version": "5.10.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "WSO2 Open Banking AM", "vendor": "WSO2", "versions": [{"lessThan": "2.0.0", "status": "unknown", "version": "0", "versionType": "custom"}, {"lessThan": "2.0.0.382", "status": "affected", "version": "2.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "WSO2 Open Banking IAM", "vendor": "WSO2", "versions": [{"lessThan": "2.0.0", "status": "unknown", "version": "0", "versionType": "custom"}, {"lessThan": "2.0.0.403", "status": "affected", "version": "2.0.0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "packageName": "org.wso2.carbon:org.wso2.carbon.ui", "product": "org.wso2.carbon:org.wso2.carbon.ui", "vendor": "WSO2", "versions": [{"lessThan": "4.5.3.40", "status": "affected", "version": "4.5.3", "versionType": "custom"}, {"lessThan": "4.6.0.1224", "status": "affected", "version": "4.6.0", "versionType": "custom"}, {"lessThan": "4.6.1.150", "status": "affected", "version": "4.6.1", "versionType": "custom"}, {"lessThan": "4.6.2.664", "status": "affected", "version": "4.6.2", "versionType": "custom"}, {"lessThan": "4.6.3.32", "status": "affected", "version": "4.6.3", "versionType": "custom"}, {"lessThan": "4.6.4.8", "status": "affected", "version": "4.6.4", "versionType": "custom"}, {"lessThan": "4.7.1.69", "status": "affected", "version": "4.7.1", "versionType": "custom"}, {"lessThan": "4.8.1.33", "status": "affected", "version": "4.8.1", "versionType": "custom"}, {"lessThan": "4.9.0.100", "status": "affected", "version": "4.9.0", "versionType": "custom"}, {"lessThan": "4.9.26.20", "status": "affected", "version": "4.9.26", "versionType": "custom"}, {"lessThan": "4.9.27.4", "status": "affected", "version": "4.9.27", "versionType": "custom"}, {"lessThan": "4.9.28.4", "status": "affected", "version": "4.9.28", "versionType": "custom"}, {"lessThan": "4.10.9.68", "status": "affected", "version": "4.10.9", "versionType": "custom"}, {"lessThan": "4.10.42.10", "status": "affected", "version": "4.10.42", "versionType": "custom"}, {"lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.29", "versionType": "custom"}, {"lessThanOrEqual": "*", "status": "unaffected", "version": "4.10.90", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.0.361", "versionStartIncluding": "5.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.11.0.414", "versionStartIncluding": "5.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.0.0.245", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.0.244", "versionStartIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.0.119", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.1.0.25", "versionStartIncluding": "7.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_enterprise_integrator:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.0.217", "versionStartIncluding": "6.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.5.0.10", "versionStartIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.5.0.10", "versionStartIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.1.0.334", "versionStartIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.2.0.430", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.2.1.48", "versionStartIncluding": "3.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.0.0.346", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.1.0.210", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.2.0.148", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.61", "versionStartIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.4.0.24", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.5.0.10", "versionStartIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.5.0.11", "versionStartIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.0.354", "versionStartIncluding": "5.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_open_banking_am:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.0.0.382", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.0.0.403", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.5.3.40", "versionStartIncluding": "4.5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.6.0.1224", "versionStartIncluding": "4.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.6.1.150", "versionStartIncluding": "4.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.6.2.664", "versionStartIncluding": "4.6.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.6.3.32", "versionStartIncluding": "4.6.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.6.4.8", "versionStartIncluding": "4.6.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.7.1.69", "versionStartIncluding": "4.7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.8.1.33", "versionStartIncluding": "4.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.9.0.100", "versionStartIncluding": "4.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.9.26.20", "versionStartIncluding": "4.9.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.9.27.4", "versionStartIncluding": "4.9.27", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.9.28.4", "versionStartIncluding": "4.9.28", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.10.9.68", "versionStartIncluding": "4.10.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.10.42.10", "versionStartIncluding": "4.10.42", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.9.*", "versionStartIncluding": "4.9.29", "vulnerable": false}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "versionEndIncluding": "*", "versionStartIncluding": "4.10.90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "reporter", "value": "No\u00ebl Maccary"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.<br><br>The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.<br>"}], "value": "An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.\n\nThe known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "shortName": "WSO2", "dateUpdated": "2025-10-24T10:17:47.415Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: transparent;\">Follow the instructions given on </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/#solution\"><span style=\"background-color: transparent;\">https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/#solution</span></a> <br>"}], "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/#solution"}], "source": {"advisory": "WSO2-2025-4115", "discovery": "EXTERNAL"}, "title": "Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-290", "lang": "en", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-24T11:44:00.454638Z", "id": "CVE-2025-5605", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-24T11:44:58.987Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5605", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-24T11:44:00.454638Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-24T11:44:53.012Z"}}], "cna": {"title": "Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure", "source": {"advisory": "WSO2-2025-4115", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "No\u00ebl Maccary"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WSO2", "product": "WSO2 Identity Server", "versions": [{"status": "unknown", "version": "0", "lessThan": "5.10.0", "versionType": "custom"}, {"status": "affected", "version": "5.10.0", "lessThan": "5.10.0.361", "versionType": "custom"}, {"status": "affected", "version": "5.11.0", "lessThan": "5.11.0.414", "versionType": "custom"}, {"status": "affected", "version": "6.0.0", "lessThan": "6.0.0.245", "versionType": "custom"}, {"status": "affected", "version": "6.1.0", "lessThan": "6.1.0.244", "versionType": "custom"}, {"status": "affected", "version": "7.0.0", "lessThan": "7.0.0.119", "versionType": "custom"}, {"status": "affected", "version": "7.1.0", "lessThan": "7.1.0.25", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "WSO2 Enterprise Integrator", "versions": [{"status": "unknown", "version": "0", "lessThan": "6.6.0", "versionType": "custom"}, {"status": "affected", "version": "6.6.0", "lessThan": "6.6.0.217", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "WSO2 Universal Gateway", "versions": [{"status": "affected", "version": "4.5.0", "lessThan": "4.5.0.10", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "WSO2 Traffic Manager", "versions": [{"status": "affected", "version": "4.5.0", "lessThan": "4.5.0.10", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "WSO2 API Manager", "versions": [{"status": "unknown", "version": "0", "lessThan": "3.1.0", "versionType": "custom"}, {"status": "affected", "version": "3.1.0", "lessThan": "3.1.0.334", "versionType": "custom"}, {"status": "affected", "version": "3.2.0", "lessThan": "3.2.0.430", "versionType": "custom"}, {"status": "affected", "version": "3.2.1", "lessThan": "3.2.1.48", "versionType": "custom"}, {"status": "affected", "version": "4.0.0", "lessThan": "4.0.0.346", "versionType": "custom"}, {"status": "affected", "version": "4.1.0", "lessThan": "4.1.0.210", "versionType": "custom"}, {"status": "affected", "version": "4.2.0", "lessThan": "4.2.0.148", "versionType": "custom"}, {"status": "affected", "version": "4.3.0", "lessThan": "4.3.0.61", "versionType": "custom"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.0.24", "versionType": "custom"}, {"status": "affected", "version": "4.5.0", "lessThan": "4.5.0.10", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "WSO2 API Control Plane", "versions": [{"status": "affected", "version": "4.5.0", "lessThan": "4.5.0.11", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "WSO2 Identity Server as Key Manager", "versions": [{"status": "unknown", "version": "0", "lessThan": "5.10.0", "versionType": "custom"}, {"status": "affected", "version": "5.10.0", "lessThan": "5.10.0.354", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "WSO2 Open Banking AM", "versions": [{"status": "unknown", "version": "0", "lessThan": "2.0.0", "versionType": "custom"}, {"status": "affected", "version": "2.0.0", "lessThan": "2.0.0.382", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "WSO2 Open Banking IAM", "versions": [{"status": "unknown", "version": "0", "lessThan": "2.0.0", "versionType": "custom"}, {"status": "affected", "version": "2.0.0", "lessThan": "2.0.0.403", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "WSO2", "product": "org.wso2.carbon:org.wso2.carbon.ui", "versions": [{"status": "affected", "version": "4.5.3", "lessThan": "4.5.3.40", "versionType": "custom"}, {"status": "affected", "version": "4.6.0", "lessThan": "4.6.0.1224", "versionType": "custom"}, {"status": "affected", "version": "4.6.1", "lessThan": "4.6.1.150", "versionType": "custom"}, {"status": "affected", "version": "4.6.2", "lessThan": "4.6.2.664", "versionType": "custom"}, {"status": "affected", "version": "4.6.3", "lessThan": "4.6.3.32", "versionType": "custom"}, {"status": "affected", "version": "4.6.4", "lessThan": "4.6.4.8", "versionType": "custom"}, {"status": "affected", "version": "4.7.1", "lessThan": "4.7.1.69", "versionType": "custom"}, {"status": "affected", "version": "4.8.1", "lessThan": "4.8.1.33", "versionType": "custom"}, {"status": "affected", "version": "4.9.0", "lessThan": "4.9.0.100", "versionType": "custom"}, {"status": "affected", "version": "4.9.26", "lessThan": "4.9.26.20", "versionType": "custom"}, {"status": "affected", "version": "4.9.27", "lessThan": "4.9.27.4", "versionType": "custom"}, {"status": "affected", "version": "4.9.28", "lessThan": "4.9.28.4", "versionType": "custom"}, {"status": "affected", "version": "4.10.9", "lessThan": "4.10.9.68", "versionType": "custom"}, {"status": "affected", "version": "4.10.42", "lessThan": "4.10.42.10", "versionType": "custom"}, {"status": "unaffected", "version": "4.9.29", "versionType": "custom", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.10.90", "versionType": "custom", "lessThanOrEqual": "*"}], "packageName": "org.wso2.carbon:org.wso2.carbon.ui", "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/#solution", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: transparent;\">Follow the instructions given on </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/#solution\"><span style=\"background-color: transparent;\">https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/#solution</span></a> <br>", "base64": false}]}], "references": [{"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.\n\nThe known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.", "supportingMedia": [{"type": "text/html", "value": "An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.<br><br>The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.<br>", "base64": false}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.0.361", "versionStartIncluding": "5.10.0"}, {"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.11.0.414", "versionStartIncluding": "5.11.0"}, {"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.0.0.245", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.0.244", "versionStartIncluding": "6.1.0"}, {"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "7.0.0.119", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "7.1.0.25", "versionStartIncluding": "7.1.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_enterprise_integrator:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.0.217", "versionStartIncluding": "6.6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.5.0.10", "versionStartIncluding": "4.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.5.0.10", "versionStartIncluding": "4.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "3.1.0.334", "versionStartIncluding": "3.1.0"}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "3.2.0.430", "versionStartIncluding": "3.2.0"}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "3.2.1.48", "versionStartIncluding": "3.2.1"}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.0.0.346", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.1.0.210", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.2.0.148", "versionStartIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.3.0.61", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.4.0.24", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.5.0.10", "versionStartIncluding": "4.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.5.0.11", "versionStartIncluding": "4.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.0.354", "versionStartIncluding": "5.10.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_open_banking_am:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.0.0.382", "versionStartIncluding": "2.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.0.0.403", "versionStartIncluding": "2.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.5.3.40", "versionStartIncluding": "4.5.3"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.6.0.1224", "versionStartIncluding": "4.6.0"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.6.1.150", "versionStartIncluding": "4.6.1"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.6.2.664", "versionStartIncluding": "4.6.2"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.6.3.32", "versionStartIncluding": "4.6.3"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.6.4.8", "versionStartIncluding": "4.6.4"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.7.1.69", "versionStartIncluding": "4.7.1"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.8.1.33", "versionStartIncluding": "4.8.1"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.9.0.100", "versionStartIncluding": "4.9.0"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.9.26.20", "versionStartIncluding": "4.9.26"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.9.27.4", "versionStartIncluding": "4.9.27"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.9.28.4", "versionStartIncluding": "4.9.28"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.10.9.68", "versionStartIncluding": "4.10.9"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.10.42.10", "versionStartIncluding": "4.10.42"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": false, "versionEndIncluding": "4.9.*", "versionStartIncluding": "4.9.29"}, {"criteria": "cpe:2.3:a:wso2:org.wso2.carbon_org.wso2.carbon.ui:*:*:*:*:*:*:*:*", "vulnerable": false, "versionEndIncluding": "*", "versionStartIncluding": "4.10.90"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "shortName": "WSO2", "dateUpdated": "2025-10-24T10:17:47.415Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5605", "state": "PUBLISHED", "dateUpdated": "2025-10-24T11:44:58.987Z", "dateReserved": "2025-06-04T10:51:11.459Z", "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "datePublished": "2025-10-24T10:09:59.591Z", "assignerShortName": "WSO2"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.\n\nThe known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details."}], "id": "CVE-2025-5605", "lastModified": "2025-10-24T12:15:37.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "type": "Secondary"}]}, "published": "2025-10-24T10:15:39.160", "references": [{"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/"}], "sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}