CVE-2025-10611

Published Oct 16, 2025

Last updated 4 months ago

CVSS critical 9.8
API

Overview

Description
Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerability could lead to a malicious actor gaining administrative access and performing unauthenticated and unauthorized administrative operations.
Source
ed10eef1-636d-4fbe-9993-6890dfa878f8
NVD status
Analyzed
Products
api_control_plane, api_manager, identity_server, identity_server_as_key_manager, open_banking_am, open_banking_iam, open_banking_km, traffic_manager, universal_gateway

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-863

Social media

Hype score
Not currently trending

  1. WSO2 REST API Auth Bypass: What You Need to Know CVE-2025-10611 allows attackers to bypass authentication on WSO2 REST APIs. High risk for exposed APIs—patch ASAP. For more details, read ZeroPath's blog on this vuln. #AppSec #APISecurity #InfoSec https://t.co/TyU0FBE4FC

    @ZeroPathLabs

    16 Oct 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-10611 pertains to an **insufficient access control implementation** within multiple WSO2 products. This flaw allows attackers to **bypass authentication and authorization checks** on certain REST APIs, enabling them to invoke these APIs without proper validation.

    @CveTodo

    16 Oct 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2025-10611: CRITICAL] Vulnerability in WSO2 Products: Insufficient access control may allow bypassing authentication & authorization, leading to unauthorized admin access & operations.#cve,CVE-2025-10611,#cybersecurity https://t.co/Q2pLDW0ZjL https://t.co/2xrJPHdpju

    @CveFindCom

    16 Oct 2025

    166 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will be no impact on your deployment if any of the preconditions mentioned below are not met. Only when all the preconditions mentioned below are fulfilled could a malicious actor associate a targeted local user account with a federated IDP user account that they control. The Deployment should have: -An IDP configured for federated authentication with Silent JIT provisioning enabled. The malicious actor should have: -A fresh valid user account in the federated IDP that has not been used earlier. -Knowledge of the username of a valid user in the local IDP. -An account at the federated IDP matching the targeted local username.CVE-2024-1524
  2. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution. By leveraging the vulnerability, a malicious actor may perform Remote Code Execution by uploading a specially crafted payload.CVE-2025-13590
  3. Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.CVE-2025-12107
  4. n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.CVE-2026-25049
  5. An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2;  This issue affects Session Smart Conductor:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2;  This issue affects WAN Assurance Managed Routers:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2.CVE-2025-21589

References

Sources include official advisories and independent security research.