Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-9955

An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details that are not intended to be exposed at that privilege level. While no credentials or sensitive user information are exposed, this vulnerability may allow unauthorized visibility into internal operational details, which could aid in further exploitation or reconnaissance.

Published

2025-10-16T13:15:42.300

Last Modified

2025-10-21T18:32:41.200

Status

Analyzed

Source

ed10eef1-636d-4fbe-9993-6890dfa878f8

Severity

CVSSv3.1: 5.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wso2	enterprise_integrator	6.0.0	Yes
Application	wso2	enterprise_integrator	6.1.0	Yes
Application	wso2	enterprise_integrator	6.1.1	Yes
Application	wso2	enterprise_integrator	6.2.0	Yes
Application	wso2	enterprise_integrator	6.3.0	Yes
Application	wso2	enterprise_integrator	6.4.0	Yes
Application	wso2	enterprise_integrator	6.5.0	Yes
Application	wso2	enterprise_integrator	6.6.0	Yes
Application	wso2	enterprise_service_bus	5.0.0	Yes

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4526/ Vendor Advisory (ed10eef1-636d-4fbe-9993-6890dfa878f8)