PT-2026-55701 · Wso2 · Wso2 Api Manager+1
Published: 2026-07-04 · Updated: 2026-07-04 · CVE-2025-13475
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
The product name cannot be determined (affected versions not specified)
Description
In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. This occurs when consent granted by a user for a specific SaaS application in one tenant is incorrectly applied to SaaS applications with the same name in other tenants, resulting in cross-tenant consent sharing. This issue may lead to unauthorized data access and privacy violations, as SaaS applications in different tenants could access or modify user information without explicit authorization. This issue does not affect deployments that do not support multi-tenancy.
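The isolation failure described above, modelled as an added example (not WSO2 code). It assumes the stored consent is looked up by user and application name, which the advisory does not state; the `App` and `ConsentStore` types, tenant domains and application IDs are hypothetical, constructed values.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass(frozen=True)
class App:
    tenant: str   # tenant domain that owns the application
    app_id: str   # identifier unique across all tenants
    name: str     # display name, unique only within one tenant

# Constructed sample data: two tenants each register an app called "payroll".
SAMPLE_APPS = [
    App("a.example", "app-001", "payroll"),
    App("b.example", "app-002", "payroll"),
    App("b.example", "app-003", "wiki"),
]

@dataclass
class ConsentStore:
    tenant_scoped: bool
    grants: dict = field(default_factory=dict)

    def _key(self, user, app):
        if self.tenant_scoped:
            # Isolated: consent is bound to the tenant and the unique app ID.
            return (user, app.tenant, app.app_id)
        # Assumed flaw: the name alone collides for same-named apps in other tenants.
        return (user, app.name)

    def grant(self, user, app, claims):
        self.grants.setdefault(self._key(user, app), set()).update(claims)

    def approved_claims(self, user, app):
        return frozenset(self.grants.get(self._key(user, app), ()))

def claims_seen_by_other_tenant(tenant_scoped):
    """Grant consent to tenant A's app, then read it back as tenant B's same-named app."""
    store = ConsentStore(tenant_scoped)
    store.grant("alice", SAMPLE_APPS[0], {"email", "phone"})
    return store.approved_claims("alice", SAMPLE_APPS[1])

def colliding_app_names(apps):
    """Audit helper: application names registered in more than one tenant."""
    tenants = defaultdict(set)
    for app in apps:
        tenants[app.name].add(app.tenant)
    return {name: sorted(t) for name, t in tenants.items() if len(t) > 1}

if __name__ == "__main__":
    print(sorted(claims_seen_by_other_tenant(False)), sorted(claims_seen_by_other_tenant(True)))
    print(colliding_app_names(SAMPLE_APPS))
```

An inventory of application names that exist in more than one tenant, as `colliding_app_names` produces, shows which consent records in a multi-tenant deployment are worth reviewing.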
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Authentication Bypass Using an Alternate Path or Channel
Related Identifiers
Affected Products
Wso2 Api Manager
Wso2 Identity Server