CVE-2025-9152 (GCVE-0-2025-9152)
Vulnerability from cvelistv5
Published
2025-10-16 12:37
Modified
2025-10-17 16:00
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges, potentially leading to administrative access and the ability to perform unauthorized operations.
References
Impacted products
Vendor Product Version
WSO2 WSO2 API Manager Version: 3.2.0   < 3.2.0.437
Version: 3.2.1   < 3.2.1.57
Version: 4.0.0   < 4.0.0.357
Version: 4.1.0   < 4.1.0.221
Version: 4.2.0   < 4.2.0.159
Version: 4.3.0   < 4.3.0.72
Version: 4.4.0   < 4.4.0.35
Version: 4.5.0   < 4.5.0.19
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9152",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-16T12:59:14.709557Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-17T16:00:41.854Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 API Manager",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "3.2.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.2.0.437",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.2.1.57",
              "status": "affected",
              "version": "3.2.1",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.0.357",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.1.0.221",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.2.0.159",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.3.0.72",
              "status": "affected",
              "version": "4.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.0.35",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.5.0.19",
              "status": "affected",
              "version": "4.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 API Control Plane",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "4.5.0.20",
              "status": "affected",
              "version": "4.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "crnkovi\u0107"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint.\u003cbr\u003e\u003cbr\u003eA malicious user can exploit this flaw to generate access tokens with elevated privileges, potentially leading to administrative access and the ability to perform unauthorized operations.\u003cbr\u003e"
            }
          ],
          "value": "An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint.\n\nA malicious user can exploit this flaw to generate access tokens with elevated privileges, potentially leading to administrative access and the ability to perform unauthorized operations."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-16T12:37:00.966Z",
        "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "shortName": "WSO2"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
            }
          ],
          "value": "Follow the instructions given on  https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/#solution"
        }
      ],
      "source": {
        "advisory": "WSO2-2025-4483",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
    "assignerShortName": "WSO2",
    "cveId": "CVE-2025-9152",
    "datePublished": "2025-10-16T12:37:00.966Z",
    "dateReserved": "2025-08-19T08:48:03.616Z",
    "dateUpdated": "2025-10-17T16:00:41.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-9152\",\"sourceIdentifier\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"published\":\"2025-10-16T13:15:41.840\",\"lastModified\":\"2025-10-21T18:33:41.413\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint.\\n\\nA malicious user can exploit this flaw to generate access tokens with elevated privileges, potentially leading to administrative access and the ability to perform unauthorized operations.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_control_plane:4.5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEEA7DB5-BBF7-44A4-9FB6-0D235A44C680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E31E32CD-497E-4EF5-B3FC-8718EE06EDAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B58251E8-606B-47C8-8E50-9F9FC8C179BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E21D7ABF-C328-425D-B914-618C7628220B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:4.1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"51465410-6B7C-40FD-A1AB-A14F650A6AC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:4.2.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"851470CC-22AB-43E4-9CC6-5E22D49B3572\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:4.3.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EBAB99E-6F0F-4CE9-A954-E8878826304C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:4.4.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B3E6207-B2CF-487C-9CB8-906248B665C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:4.5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47B760D-5418-4FB0-88F0-3F78BAFF63E1\"}]}]}],\"references\":[{\"url\":\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/\",\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9152\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-16T12:59:14.709557Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-16T12:57:59.271Z\"}}], \"cna\": {\"title\": \"Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint\", \"source\": {\"advisory\": \"WSO2-2025-4483\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"crnkovi\\u0107\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"WSO2\", \"product\": \"WSO2 API Manager\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"3.2.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.2.0\", \"lessThan\": \"3.2.0.437\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.2.1\", \"lessThan\": \"3.2.1.57\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.0.0.357\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.1.0\", \"lessThan\": \"4.1.0.221\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.2.0\", \"lessThan\": \"4.2.0.159\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.3.0\", \"lessThan\": \"4.3.0.72\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.0\", \"lessThan\": \"4.4.0.35\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.5.0\", \"lessThan\": \"4.5.0.19\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 API Control Plane\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.5.0\", \"lessThan\": \"4.5.0.20\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Follow the instructions given on  https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/#solution\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: transparent;\\\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/#solution\\\"\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint.\\n\\nA malicious user can exploit this flaw to generate access tokens with elevated privileges, potentially leading to administrative access and the ability to perform unauthorized operations.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint.\u003cbr\u003e\u003cbr\u003eA malicious user can exploit this flaw to generate access tokens with elevated privileges, potentially leading to administrative access and the ability to perform unauthorized operations.\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"shortName\": \"WSO2\", \"dateUpdated\": \"2025-10-16T12:37:00.966Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-9152\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-17T16:00:41.854Z\", \"dateReserved\": \"2025-08-19T08:48:03.616Z\", \"assignerOrgId\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"datePublished\": \"2025-10-16T12:37:00.966Z\", \"assignerShortName\": \"WSO2\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.