Authenticated Remote Code Execution in Multiple WSO2 Products via Event...

6.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Description

An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan containing malicious Java code, resulting in arbitrary code execution on the server.

Exploitation of this vulnerability requires a valid user account with administrative privileges, limiting the attack surface to authenticated but potentially malicious users.

Basic Information

ID CVE-2025-5717

Source WSO2

Published Sep 23, 2025 at 16:05

Affected Product

Vendor WSO2

Product WSO2 API Manager

Affected Versions WSO2 WSO2 API Manager 3.0.0
WSO2 WSO2 API Manager 3.1.0
WSO2 WSO2 API Manager 3.2.0
WSO2 WSO2 API Manager 3.2.1
WSO2 WSO2 API Manager 4.0.0
WSO2 WSO2 API Manager 4.1.0
WSO2 WSO2 API Manager 4.2.0
WSO2 WSO2 API Manager 4.3.0
WSO2 WSO2 API Manager 4.4.0
WSO2 WSO2 API Manager 4.5.0
WSO2 WSO2 Open Banking AM 2.0.0
WSO2 WSO2 Traffic Manager 4.5.0
WSO2 WSO2 API Control Plane 4.5.0
WSO2 Siddhi Extension Evaluate Scripts 3.2.6
WSO2 Siddhi Extension Evaluate Scripts 3.2.7
WSO2 Siddhi Extension Evaluate Scripts 3.2.8
WSO2 Siddhi Extension Evaluate Scripts 3.2.10
WSO2 Siddhi Extension Evaluate Scripts 3.2.13
WSO2 Siddhi Extension Evaluate Scripts 3.2.14

CWE Classification

CWE-94

References

security.docs.wso2.com /en/latest/security-announcements/security-advisories/2025/WSO2-2025-4119/

{
    "lastseen": "",
    "description": "An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan containing malicious Java code, resulting in arbitrary code execution on the server.\n\nExploitation of this vulnerability requires a valid user account with administrative privileges, limiting the attack surface to authenticated but potentially malicious users.",
    "published": "2025-09-23T16:05:19.923Z",
    "modified": "2025-09-23T16:05:19.923Z",
    "type": "cve",
    "title": "Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service",
    "source": "WSO2",
    "references": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4119/",
    "id": "CVE-2025-5717",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "WSO2 WSO2 API Manager 3.0.0\nWSO2 WSO2 API Manager 3.1.0\nWSO2 WSO2 API Manager 3.2.0\nWSO2 WSO2 API Manager 3.2.1\nWSO2 WSO2 API Manager 4.0.0\nWSO2 WSO2 API Manager 4.1.0\nWSO2 WSO2 API Manager 4.2.0\nWSO2 WSO2 API Manager 4.3.0\nWSO2 WSO2 API Manager 4.4.0\nWSO2 WSO2 API Manager 4.5.0\nWSO2 WSO2 Open Banking AM 2.0.0\nWSO2 WSO2 Traffic Manager 4.5.0\nWSO2 WSO2 API Control Plane 4.5.0\nWSO2 Siddhi Extension Evaluate Scripts 3.2.6\nWSO2 Siddhi Extension Evaluate Scripts 3.2.7\nWSO2 Siddhi Extension Evaluate Scripts 3.2.8\nWSO2 Siddhi Extension Evaluate Scripts 3.2.10\nWSO2 Siddhi Extension Evaluate Scripts 3.2.13\nWSO2 Siddhi Extension Evaluate Scripts 3.2.14",
    "sourceHref": "",
    "cvss": {
        "score": 6.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WSO2 API Manager",
    "version": "0",
    "vendor": "WSO2",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service_CVE-2025-5717