216.73.217.19

CVE-2025-9955

· Published 16/10/2025 13:15 · Modified 16/10/2025 15:28

Labels: CVE-2025-9955 2025-10-16CVE-2025-9955CWE-863ed10eef1-636d-4fbe-9993-6890dfa878f8

Essential information

Published
16/10/2025 13:15
Modified
16/10/2025 15:28
Author
Creator
CVSS
5.7 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details that are not intended to be exposed at that privilege level. While no credentials or sensitive user information are exposed, this vulnerability may allow unauthorized visibility into internal operational details, which could aid in further exploitation or reconnaissance.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
ed10eef1-636d-4fbe-9993-6890dfa878f8
NVD
View on NVD

Affected products (CPE)

ProductCPE
wso2 / enterprise integrator cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*

References