CVE-2025-9955 (GCVE-0-2025-9955)
Vulnerability from cvelistv5
Published
2025-10-16 12:14
Modified
2025-10-16 13:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details that are not intended to be exposed at that privilege level.
While no credentials or sensitive user information are exposed, this vulnerability may allow unauthorized visibility into internal operational details, which could aid in further exploitation or reconnaissance.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WSO2 | WSO2 Enterprise Integrator |
Version: 6.0.0 < 6.0.0.22 Version: 6.1.0 < 6.1.0.39 Version: 6.1.1 < 6.1.1.43 Version: 6.2.0 < 6.2.0.62 Version: 6.3.0 < 6.3.0.70 Version: 6.4.0 < 6.4.0.100 Version: 6.5.0 < 6.5.0.107 Version: 6.6.0 < 6.6.0.222 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:23:25.309685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:29:14.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WSO2 Enterprise Integrator",
"vendor": "WSO2",
"versions": [
{
"lessThan": "6.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "6.0.0.22",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.0.39",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.1.1.43",
"status": "affected",
"version": "6.1.1",
"versionType": "custom"
},
{
"lessThan": "6.2.0.62",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.3.0.70",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
},
{
"lessThan": "6.4.0.100",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
},
{
"lessThan": "6.5.0.107",
"status": "affected",
"version": "6.5.0",
"versionType": "custom"
},
{
"lessThan": "6.6.0.222",
"status": "affected",
"version": "6.6.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Enterprise Service Bus",
"vendor": "WSO2",
"versions": [
{
"lessThan": "5.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.0.0.29",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "org.wso2.carbon:org.wso2.carbon.base",
"product": "org.wso2.carbon:org.wso2.carbon.base",
"vendor": "WSO2",
"versions": [
{
"lessThan": "4.4.8.7",
"status": "affected",
"version": "4.4.8",
"versionType": "custom"
},
{
"lessThan": "4.4.14.5",
"status": "affected",
"version": "4.4.14",
"versionType": "custom"
},
{
"lessThan": "4.4.16.9",
"status": "affected",
"version": "4.4.16",
"versionType": "custom"
},
{
"lessThan": "4.4.26.13",
"status": "affected",
"version": "4.4.26",
"versionType": "custom"
},
{
"lessThan": "4.4.32.16",
"status": "affected",
"version": "4.4.32",
"versionType": "custom"
},
{
"lessThan": "4.4.36.7",
"status": "affected",
"version": "4.4.36",
"versionType": "custom"
},
{
"lessThan": "4.4.40.37",
"status": "affected",
"version": "4.4.40",
"versionType": "custom"
},
{
"lessThan": "4.5.3.45",
"status": "affected",
"version": "4.5.3",
"versionType": "custom"
},
{
"lessThan": "4.9.29",
"status": "affected",
"version": "4.9",
"versionType": "custom"
},
{
"lessThan": "4.10.94",
"status": "affected",
"version": "4.10",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "org.wso2.carbon:org.wso2.carbon.server.admin",
"product": "org.wso2.carbon:org.wso2.carbon.server.admin",
"vendor": "WSO2",
"versions": [
{
"lessThan": "4.4.8.7",
"status": "affected",
"version": "4.4.8",
"versionType": "custom"
},
{
"lessThan": "4.4.14.5",
"status": "affected",
"version": "4.4.14",
"versionType": "custom"
},
{
"lessThan": "4.4.16.9",
"status": "affected",
"version": "4.4.16",
"versionType": "custom"
},
{
"lessThan": "4.4.26.13",
"status": "affected",
"version": "4.4.26",
"versionType": "custom"
},
{
"lessThan": "4.4.32.16",
"status": "affected",
"version": "4.4.32",
"versionType": "custom"
},
{
"lessThan": "4.4.36.7",
"status": "affected",
"version": "4.4.36",
"versionType": "custom"
},
{
"lessThan": "4.4.40.37",
"status": "affected",
"version": "4.4.40",
"versionType": "custom"
},
{
"lessThan": "4.5.3.45",
"status": "affected",
"version": "4.5.3",
"versionType": "custom"
},
{
"lessThan": "4.9.29",
"status": "affected",
"version": "4.9",
"versionType": "custom"
},
{
"lessThan": "4.10.94",
"status": "affected",
"version": "4.10",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details that are not intended to be exposed at that privilege level.\u003cbr\u003e\u003cbr\u003eWhile no credentials or sensitive user information are exposed, this vulnerability may allow unauthorized visibility into internal operational details, which could aid in further exploitation or reconnaissance.\u003cbr\u003e"
}
],
"value": "An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details that are not intended to be exposed at that privilege level.\n\nWhile no credentials or sensitive user information are exposed, this vulnerability may allow unauthorized visibility into internal operational details, which could aid in further exploitation or reconnaissance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T12:14:56.477Z",
"orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"shortName": "WSO2"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/#solution"
}
],
"source": {
"advisory": "WSO2-2025-4526",
"discovery": "INTERNAL"
},
"title": "Improper Access Control in WSO2 Enterprise Integrator Product via SOAP Admin Services for Logs and User-Store Configuration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"assignerShortName": "WSO2",
"cveId": "CVE-2025-9955",
"datePublished": "2025-10-16T12:14:56.477Z",
"dateReserved": "2025-09-03T15:10:08.622Z",
"dateUpdated": "2025-10-16T13:29:14.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-9955\",\"sourceIdentifier\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"published\":\"2025-10-16T13:15:42.300\",\"lastModified\":\"2025-10-21T18:32:41.200\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details that are not intended to be exposed at that privilege level.\\n\\nWhile no credentials or sensitive user information are exposed, this vulnerability may allow unauthorized visibility into internal operational details, which could aid in further exploitation or reconnaissance.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2242AF12-0C75-41A7-8450-B9A2EBF5A8CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D64106E7-1956-4AAA-915F-7E6DB7461BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA3B48BB-ECB5-4A94-B76D-97BC3D303E9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66292C25-B0B9-4FCE-9382-57B8F6BB814A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"709DC7EA-18A6-4B83-84CB-F2499BEB5D2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18E8577A-B322-4A70-B8AB-9DE45EFDF229\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FCA89E3-F37E-494E-AD46-B9A04E608908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4A07C73-3E6B-4CF9-BEB9-39C6081C0332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_service_bus:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"236C44E3-FAB5-41F2-9884-D17944EBB468\"}]}]}],\"references\":[{\"url\":\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/\",\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9955\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-16T13:23:25.309685Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-16T13:23:30.628Z\"}}], \"cna\": {\"title\": \"Improper Access Control in WSO2 Enterprise Integrator Product via SOAP Admin Services for Logs and User-Store Configuration\", \"source\": {\"advisory\": \"WSO2-2025-4526\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.7, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"WSO2\", \"product\": \"WSO2 Enterprise Integrator\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"6.0.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.0.0.22\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.1.0\", \"lessThan\": \"6.1.0.39\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.1.1\", \"lessThan\": \"6.1.1.43\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"lessThan\": \"6.2.0.62\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.3.0\", \"lessThan\": \"6.3.0.70\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"lessThan\": \"6.4.0.100\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.5.0\", \"lessThan\": \"6.5.0.107\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.6.0\", \"lessThan\": \"6.6.0.222\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 Enterprise Service Bus\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"5.0.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.0.0\", \"lessThan\": \"5.0.0.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"org.wso2.carbon:org.wso2.carbon.base\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.4.8\", \"lessThan\": \"4.4.8.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.14\", \"lessThan\": \"4.4.14.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.16\", \"lessThan\": \"4.4.16.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.26\", \"lessThan\": \"4.4.26.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.32\", \"lessThan\": \"4.4.32.16\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.36\", \"lessThan\": \"4.4.36.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.40\", \"lessThan\": \"4.4.40.37\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.5.3\", \"lessThan\": \"4.5.3.45\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.9\", \"lessThan\": \"4.9.29\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.10\", \"lessThan\": \"4.10.94\", \"versionType\": \"custom\"}], \"packageName\": \"org.wso2.carbon:org.wso2.carbon.base\", \"defaultStatus\": \"unknown\"}, {\"vendor\": \"WSO2\", \"product\": \"org.wso2.carbon:org.wso2.carbon.server.admin\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.4.8\", \"lessThan\": \"4.4.8.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.14\", \"lessThan\": \"4.4.14.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.16\", \"lessThan\": \"4.4.16.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.26\", \"lessThan\": \"4.4.26.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.32\", \"lessThan\": \"4.4.32.16\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.36\", \"lessThan\": \"4.4.36.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.40\", \"lessThan\": \"4.4.40.37\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.5.3\", \"lessThan\": \"4.5.3.45\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.9\", \"lessThan\": \"4.9.29\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.10\", \"lessThan\": \"4.10.94\", \"versionType\": \"custom\"}], \"packageName\": \"org.wso2.carbon:org.wso2.carbon.server.admin\", \"defaultStatus\": \"unknown\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/#solution\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: transparent;\\\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/#solution\\\"\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details that are not intended to be exposed at that privilege level.\\n\\nWhile no credentials or sensitive user information are exposed, this vulnerability may allow unauthorized visibility into internal operational details, which could aid in further exploitation or reconnaissance.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details that are not intended to be exposed at that privilege level.\u003cbr\u003e\u003cbr\u003eWhile no credentials or sensitive user information are exposed, this vulnerability may allow unauthorized visibility into internal operational details, which could aid in further exploitation or reconnaissance.\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"shortName\": \"WSO2\", \"dateUpdated\": \"2025-10-16T12:14:56.477Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-9955\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-16T13:29:14.882Z\", \"dateReserved\": \"2025-09-03T15:10:08.622Z\", \"assignerOrgId\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"datePublished\": \"2025-10-16T12:14:56.477Z\", \"assignerShortName\": \"WSO2\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…