PT-2025-42460 · Wso2 · Wso2 Products

Published: 2025-10-16 · Updated: 2025-11-21 · CVE-2025-10611

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WSO2 Products (affected versions not specified)

Description: An insufficient access control implementation exists in multiple WSO2 Products. This allows bypassing authentication and authorization checks for certain REST APIs, enabling invocation without proper validation. Successful exploitation could grant a malicious actor administrative access and the ability to perform unauthorized operations. The flaw compromises the security barrier restricting access to administrative or sensitive functions, permitting unauthorized execution of privileged operations.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Weakness Enumeration

Related Identifiers: CVE-2025-10611

Affected Products: Wso2 Products