CVE-2025-9955
BaseFortify
Publication date: 2025-10-16
Last updated on: 2025-10-21
Assigner: WSO2 LLC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wso2 | enterprise_integrator | 6.0.0 |
| wso2 | enterprise_integrator | 6.1.0 |
| wso2 | enterprise_integrator | 6.1.1 |
| wso2 | enterprise_integrator | 6.2.0 |
| wso2 | enterprise_integrator | 6.3.0 |
| wso2 | enterprise_integrator | 6.4.0 |
| wso2 | enterprise_integrator | 6.5.0 |
| wso2 | enterprise_integrator | 6.6.0 |
| wso2 | enterprise_service_bus | 5.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | Incorrect Authorization: the product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check, so the intended access restriction can be bypassed. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper access control issue (CWE-863, Incorrect Authorization) in WSO2 Enterprise Integrator and WSO2 Enterprise Service Bus. The internal SOAP admin services that expose system logs and user-store configuration do perform a permission check, but the check is not strict enough: an authenticated user holding only low-privileged roles can invoke them. As a result, such a user can read log data and user-store configuration details that should be limited to administrators.
How can this vulnerability impact me?
An authenticated account with low privileges can gain visibility into internal operational details such as system log contents and the user-store configuration. No credentials or sensitive user information are exposed by this issue on its own, but the information is useful reconnaissance: it reveals how the deployment is set up and what the system is doing, which can support further attacks. Because the affected endpoints are admin services, a practical compensating control is to restrict network access to the /services/ admin endpoints to administrators and to monitor their use by non-administrative accounts, in addition to applying the vendor update.
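The following is an added example of the monitoring side of that advice; it is not code from the BaseFortify page or from WSO2. It scans constructed HTTP access-log lines in the Tomcat "combined" style that WSO2 Carbon products write to repository/logs/http_access_*.log and flags successful SOAP invocations of watched admin services by principals that do not hold the admin role. Assumptions: the configured access-log pattern records the authenticated principal in the %u field (deployment-specific), the role directory is supplied by the operator (here a constructed dictionary), and the admin service names LogViewer and UserStoreConfigAdminService are illustrative placeholders, since the page does not name the affected services.

```python
import re
from collections import Counter

# Constructed sample lines (not from a real deployment). Assumption: the %u
# field carries the authenticated principal; "-" means no principal was set.
SAMPLE_LOG = """\
10.0.0.5 - admin [16/Oct/2025:10:01:12 +0000] "POST /services/LogViewer HTTP/1.1" 200 4821 "-" "Apache-HttpClient/4.5"
10.0.0.9 - jdoe [16/Oct/2025:10:02:30 +0000] "POST /services/LogViewer HTTP/1.1" 200 4821 "-" "python-requests/2.31"
10.0.0.9 - jdoe [16/Oct/2025:10:02:35 +0000] "GET /services/LogViewer?wsdl HTTP/1.1" 200 9730 "-" "python-requests/2.31"
10.0.0.9 - jdoe [16/Oct/2025:10:02:41 +0000] "POST /services/UserStoreConfigAdminService HTTP/1.1" 200 1190 "-" "python-requests/2.31"
10.0.0.9 - jdoe [16/Oct/2025:10:03:02 +0000] "GET /services/Version HTTP/1.1" 200 311 "-" "python-requests/2.31"
10.0.0.7 - - [16/Oct/2025:10:04:10 +0000] "POST /services/LogViewer HTTP/1.1" 401 0 "-" "curl/8.4"
10.0.0.12 - svc-integ [16/Oct/2025:10:05:55 +0000] "POST /services/OrderProxy HTTP/1.1" 200 220 "-" "-"
"""

# Constructed role directory; in a real check this comes from the user store.
ROLE_MAP = {
    "admin": {"admin", "Internal/everyone"},
    "jdoe": {"Internal/everyone"},
    "svc-integ": {"Internal/everyone", "Internal/integrator"},
}

# Illustrative placeholder names; replace with the services named by the vendor.
WATCHED_ADMIN_SERVICES = {"LogViewer", "UserStoreConfigAdminService"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one combined-format access-log line; return None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def admin_service_name(path):
    """Return the service name for a /services/<Name> path (query string stripped), else None."""
    path = path.split("?", 1)[0]
    if not path.startswith("/services/"):
        return None
    name = path[len("/services/"):].split("/", 1)[0]
    return name or None


def is_admin_user(user, role_map):
    """Unknown or anonymous ("-") principals are treated as non-admin."""
    return "admin" in role_map.get(user, set())


def find_unauthorized_admin_calls(log_text, role_map, watched):
    """Flag successful SOAP (POST) invocations of watched admin services by non-admin principals.

    GET requests (WSDL retrieval) and rejected calls (non-2xx) are not findings:
    the rejected call is the behaviour the fix restores, and a WSDL fetch does
    not return log or configuration data.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        service = admin_service_name(rec["path"])
        if service is None or service not in watched:
            continue
        if rec["method"] != "POST" or not 200 <= rec["status"] < 300:
            continue
        if is_admin_user(rec["user"], role_map):
            continue
        findings.append({"ts": rec["ts"], "ip": rec["ip"], "user": rec["user"],
                         "service": service, "status": rec["status"]})
    return findings


def summarize(findings):
    """Count flagged invocations per principal, e.g. {"jdoe": 2}."""
    return dict(Counter(f["user"] for f in findings))


if __name__ == "__main__":
    hits = find_unauthorized_admin_calls(SAMPLE_LOG, ROLE_MAP, WATCHED_ADMIN_SERVICES)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} user={h["user"]} invoked {h["service"]} (HTTP {h["status"]})')
    print("per-user totals:", summarize(hits))
```

On the constructed sample this reports the two POST calls by jdoe and nothing else: the admin's own call, the WSDL fetch, the unwatched Version and OrderProxy services, and the rejected anonymous call are all expected traffic. The role lookup is the part that needs care in a real deployment: the access log only proves who called what, and whether that caller should have been allowed is a question for the user store, not the log.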