CVE-2025-0663

Name of the Vulnerable Software and Affected Versions WSO2 products (affected versions not specified)

Description A cross-tenant authentication issue exists because of a flawed cryptographic design in Adaptive Authentication. A single cryptographic key is used for all tenants to sign authentication cookies, potentially allowing a privileged user in one tenant to create authentication cookies for users in other tenants.

The Auto-Login feature, when enabled, may allow an attacker to gain unauthorized access and potentially take over accounts in other tenants. Exploitation requires access to Adaptive Authentication functionality, typically limited to high-privileged users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.