PT-2025-42463 · Wso2 · Wso2 Products

Crnković

Published: 2025-10-16 · Updated: 2025-11-21 · CVE-2025-9804

CVSS v3.1: 8.9 (High)
Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified)

Description: An improper access control issue exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. This allows a low-privileged user to perform unauthorized operations, including accessing server-level information. The vulnerability affects only internal administrative interfaces and does not impact APIs exposed through the WSO2 API Manager's API Gateway.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2025-9804

Affected Products: Wso2 Products