{“lastseen”:””,”description”:”An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan containing malicious Java code, resulting in arbitrary code execution on the server.\\n\\nExploitation of this vulnerability requires a valid user account with administrative privileges, limiting the attack surface to authenticated but potentially malicious users.”,”published”:”2025-09-23T16:05:19.923Z”,”modified”:”2025-09-23T16:05:19.923Z”,”type”:”cve”,”title”:”Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service”,”source”:”WSO2″,”references”:”https:\/\/security.docs.wso2.com\/en\/latest\/security-announcements\/security-advisories\/2025\/WSO2-2025-4119\/”,”id”:”CVE-2025-5717″,”bulletinFamily”:””,”cwe”:[“CWE-94″],”cvelist”:null,”sourceData”:”WSO2 WSO2 API Manager 3.0.0\\nWSO2 WSO2 API Manager 3.1.0\\nWSO2 WSO2 API Manager 3.2.0\\nWSO2 WSO2 API Manager 3.2.1\\nWSO2 WSO2 API Manager 4.0.0\\nWSO2 WSO2 API Manager 4.1.0\\nWSO2 WSO2 API Manager 4.2.0\\nWSO2 WSO2 API Manager 4.3.0\\nWSO2 WSO2 API Manager 4.4.0\\nWSO2 WSO2 API Manager 4.5.0\\nWSO2 WSO2 Open Banking AM 2.0.0\\nWSO2 WSO2 Traffic Manager 4.5.0\\nWSO2 WSO2 API Control Plane 4.5.0\\nWSO2 Siddhi Extension Evaluate Scripts 3.2.6\\nWSO2 Siddhi Extension Evaluate Scripts 3.2.7\\nWSO2 Siddhi Extension Evaluate Scripts 3.2.8\\nWSO2 Siddhi Extension Evaluate Scripts 3.2.10\\nWSO2 Siddhi Extension Evaluate Scripts 3.2.13\\nWSO2 Siddhi Extension Evaluate Scripts 3.2.14″,”sourceHref”:””,”cvss”:{“score”:6.7,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:L”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”WSO2 API Manager”,”version”:”0″,”vendor”:”WSO2″,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,64,12,21,13,7,11,5],"class_list":["post-18753","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-67","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n