PT-2026-55701 · Wso2 · Wso2 Api Manager+1

Published 2026-07-04 · Updated 2026-07-04 · CVE-2025-13475

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

The product name cannot be determined (affected versions not specified)

Description

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. This occurs when consent granted by a user for a specific SaaS application in one tenant is incorrectly applied to SaaS applications with the same name in other tenants, resulting in cross-tenant consent sharing. This issue may lead to unauthorized data access and privacy violations, as SaaS applications in different tenants could access or modify user information without explicit authorization. This issue does not affect deployments that do not support multi-tenancy.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
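
The isolation failure described above, modeled as an added example (not code from WSO2 or from this advisory): a consent lookup keyed on application name alone beside one scoped to the owning tenant, plus an audit helper that lists application names holding consent records in more than one tenant. The record layout, function names and sample data are assumptions made for illustration.

```python
# Added illustration: a toy consent store, not WSO2 code. All names are hypothetical.
from collections import defaultdict
from typing import NamedTuple


class Consent(NamedTuple):
    user: str
    app_tenant: str  # tenant that owns the SaaS application
    app_name: str
    claims: frozenset


# Constructed sample data: alice consented only to tenant-a's "HRPortal".
RECORDS = [
    Consent("alice", "tenant-a.example", "HRPortal", frozenset({"email", "phone"})),
    Consent("bob", "tenant-b.example", "HRPortal", frozenset({"email"})),
    Consent("bob", "tenant-b.example", "Billing", frozenset({"email"})),
]


def claims_by_name(records, user, app_tenant, app_name):
    """Flawed lookup: app_tenant is accepted but never compared."""
    return {c for r in records
            if r.user == user and r.app_name == app_name
            for c in r.claims}


def claims_tenant_scoped(records, user, app_tenant, app_name):
    """Scoped lookup: consent counts only for the app in the tenant that owns it."""
    return {c for r in records
            if (r.user, r.app_tenant, r.app_name) == (user, app_tenant, app_name)
            for c in r.claims}


def colliding_app_names(records):
    """Audit helper: app names with consent records in more than one tenant."""
    tenants = defaultdict(set)
    for r in records:
        tenants[r.app_name].add(r.app_tenant)
    return {name: sorted(t) for name, t in tenants.items() if len(t) > 1}


if __name__ == "__main__":
    req = ("alice", "tenant-b.example", "HRPortal")  # same name, other tenant
    print("name-keyed:   ", sorted(claims_by_name(RECORDS, *req)))
    print("tenant-scoped:", sorted(claims_tenant_scoped(RECORDS, *req)))
    print("collisions:   ", colliding_app_names(RECORDS))
```
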

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related Identifiers

CVE-2025-13475

Affected Products

Wso2 Api Manager
Wso2 Identity Server