PT-2025-39176 · Wso2 · Wso2 Products

Noël Maccary · Published 2025-09-23 · Updated 2025-11-21 · CVE-2025-5717

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified)

Description: An authenticated remote code execution (RCE) vulnerability exists due to improper input validation in the event processor admin service. An attacker who holds administrative access to the SOAP admin services can deploy a Siddhi execution plan containing malicious Java code, which is then executed on the server with the privileges of the WSO2 process. Exploitation requires a valid user account with administrative privileges. The vulnerable component is the event processor admin service, specifically its handling of Siddhi execution plans submitted through the SOAP admin service used for deployment. The flaw is the missing validation of the execution plan parameter in the SOAP request, which allows Java code embedded in the plan to be injected and executed; the function deployExecutionPlan() processes the submitted Siddhi execution plan.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
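Because no fixed version is known, defenders are left with monitoring the admin-service operation named above. The following script is an added example, not part of the advisory or of WSO2's code: it scans constructed access-log lines (the log format, the service path /services/EventProcessorAdminService, the management-network prefix and every operation name other than deployExecutionPlan are assumptions) and raises a finding for every execution-plan deployment, escalating it when the caller is outside the assumed management network.

```python
"""Flag Siddhi execution-plan deployments made through the SOAP admin service."""
import re
from typing import Dict, List

# Constructed sample log lines (not real WSO2 output). Assumed format:
# "<client_ip> <user> <timestamp> <METHOD> <path> <soap_operation> <status>"
# The service path and the operation "listExecutionPlans" are placeholders;
# only "deployExecutionPlan" comes from the advisory text.
SAMPLE_LOG = """\
10.0.0.5 admin 2025-09-23T10:01:02Z POST /services/EventProcessorAdminService deployExecutionPlan 200
10.0.0.5 admin 2025-09-23T10:02:15Z POST /services/EventProcessorAdminService listExecutionPlans 200
203.0.113.7 admin 2025-09-23T23:41:09Z POST /services/EventProcessorAdminService deployExecutionPlan 200
10.0.0.9 alice 2025-09-23T11:00:00Z GET /carbon/admin/index.jsp - 200
"""

LOG_RE = re.compile(
    r"^(?P<ip>\S+) (?P<user>\S+) (?P<ts>\S+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) (?P<op>\S+) (?P<status>\d{3})$"
)

ADMIN_NETWORK_PREFIXES = ("10.0.0.",)  # assumed management network; tune per site
DEPLOY_OP = "deployExecutionPlan"       # operation named in the advisory


def parse_line(line: str) -> Dict[str, str]:
    """Split one access-log line into fields; return {} if it does not match."""
    match = LOG_RE.match(line.strip())
    return match.groupdict() if match else {}


def analyse(log_text: str, admin_prefixes=ADMIN_NETWORK_PREFIXES) -> List[Dict[str, str]]:
    """Return one finding per execution-plan deployment seen in the log.

    Every deployment is at least an 'audit' event (admin-level code deployment);
    a deployment from outside the management network becomes an 'alert'.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["op"] != DEPLOY_OP:
            continue
        trusted = rec["ip"].startswith(admin_prefixes)
        findings.append({
            "ip": rec["ip"], "user": rec["user"], "ts": rec["ts"],
            "severity": "audit" if trusted else "alert",
            "reason": "Siddhi execution plan deployed via SOAP admin service"
                      + ("" if trusted else " from outside the management network"),
        })
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```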

Tags: RCE, Code Injection

Weakness Enumeration: none listed

Related Identifiers: CVE-2025-5717

Affected Products: Wso2 Products