Authentication Bypass via URI Manipulation in Multiple WSO2 Products’ Management Console Leading to Partial Information Disclosure_CVE-2025-5605

{
    "lastseen": "",
    "description": "An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.\n\nThe known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.",
    "published": "2025-10-24T10:09:59.591Z",
    "modified": "2025-10-24T11:44:58.987Z",
    "type": "cve",
    "title": "Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure",
    "source": "WSO2",
    "references": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4115/",
    "id": "CVE-2025-5605",
    "bulletinFamily": "",
    "cwe": [
        "CWE-290"
    ],
    "cvelist": null,
    "sourceData": "WSO2 WSO2 Identity Server 5.10.0\nWSO2 WSO2 Identity Server 5.11.0\nWSO2 WSO2 Identity Server 6.0.0\nWSO2 WSO2 Identity Server 6.1.0\nWSO2 WSO2 Identity Server 7.0.0\nWSO2 WSO2 Identity Server 7.1.0\nWSO2 WSO2 Enterprise Integrator 6.6.0\nWSO2 WSO2 Universal Gateway 4.5.0\nWSO2 WSO2 Traffic Manager 4.5.0\nWSO2 WSO2 API Manager 3.1.0\nWSO2 WSO2 API Manager 3.2.0\nWSO2 WSO2 API Manager 3.2.1\nWSO2 WSO2 API Manager 4.0.0\nWSO2 WSO2 API Manager 4.1.0\nWSO2 WSO2 API Manager 4.2.0\nWSO2 WSO2 API Manager 4.3.0\nWSO2 WSO2 API Manager 4.4.0\nWSO2 WSO2 API Manager 4.5.0\nWSO2 WSO2 API Control Plane 4.5.0\nWSO2 WSO2 Identity Server as Key Manager 5.10.0\nWSO2 WSO2 Open Banking AM 2.0.0\nWSO2 WSO2 Open Banking IAM 2.0.0\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.5.3\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.6.0\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.6.1\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.6.2\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.6.3\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.6.4\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.7.1\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.8.1\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.9.0\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.9.26\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.9.27\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.9.28\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.10.9\nWSO2 org.wso2.carbon:org.wso2.carbon.ui 4.10.42",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WSO2 Identity Server",
    "version": "0",
    "vendor": "WSO2",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}