CVE-2025-1862

Name of the Vulnerable Software and Affected Versions WSO2 products (affected versions not specified)

Description An arbitrary file upload issue exists because of insufficient validation of filenames submitted by users in the BPEL uploader SOAP service endpoint. An attacker with administrative access can upload files to a location controlled by the user on the server. Exploiting this can allow an attacker to upload a malicious payload and achieve remote code execution (RCE), potentially compromising the server and its data. The vulnerable endpoint is '/services/bpel/upload'. The vulnerability involves improper handling of user-supplied filenames.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.