CVE-2025-10907

Name of the Vulnerable Software and Affected Versions WSO2 products (affected versions not specified)

Description An arbitrary file upload issue exists due to inadequate validation of uploaded content and destination within SOAP admin services. An attacker with administrative privileges can upload a crafted file to a location they control within the deployment. Successful exploitation could result in remote code execution (RCE) on the server, depending on how the uploaded file is handled. This issue is exploitable only by users with administrative access to the affected SOAP services.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.