CVE-2025-3125
6.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
Summary
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE).
This functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WSO2 | WSO2 Identity Server | 0 < 5.10.0 | unknown |
| WSO2 | WSO2 Identity Server | 5.10.0 < 5.10.0.360 | affected |
| WSO2 | WSO2 Identity Server | 5.11.0 < 5.11.0.399 | affected |
| WSO2 | WSO2 Identity Server | 6.0.0 < 6.0.0.235 | affected |
| WSO2 | WSO2 Identity Server | 6.1.0 < 6.1.0.230 | affected |
| WSO2 | WSO2 Identity Server | 7.0.0 < 7.0.0.101 | affected |
| WSO2 | WSO2 Identity Server | 7.1.0 < 7.1.0.32 | affected |
| WSO2 | WSO2 Enterprise Integrator | 0 < 6.6.0 | unknown |
| WSO2 | WSO2 Enterprise Integrator | 6.6.0 < 6.6.0.217 | affected |
| WSO2 | WSO2 Open Banking IAM | 0 < 2.0.0 | unknown |
| WSO2 | WSO2 Open Banking IAM | 2.0.0 < 2.0.0.402 | affected |
| WSO2 | WSO2 Identity Server as Key Manager | 0 < 5.10.0 | unknown |
| WSO2 | WSO2 Identity Server as Key Manager | 5.10.0 < 5.10.0.353 | affected |
| WSO2 | WSO2 API Manager | 0 < 3.2.0 | unknown |
| WSO2 | WSO2 API Manager | 3.2.0 < 3.2.0.421 | affected |
| WSO2 | WSO2 API Manager | 3.2.1 < 3.2.1.41 | affected |
| WSO2 | WSO2 API Manager | 4.0.0 < 4.0.0.342 | affected |
| WSO2 | WSO2 API Manager | 4.1.0 < 4.1.0.203 | affected |
| WSO2 | WSO2 API Manager | 4.2.0 < 4.2.0.142 | affected |
| WSO2 | WSO2 API Manager | 4.3.0 < 4.3.0.55 | affected |
| WSO2 | WSO2 API Manager | 4.4.0 < 4.4.0.19 | affected |
| WSO2 | WSO2 API Manager | 4.5.0 < 4.5.0.2 | affected |
| WSO2 | WSO2 API Manager | 4.6.0 < 4.6.0.3 | affected |
| WSO2 | WSO2 API Control Plane | 4.5.0 < 4.5.0.2 | affected |
| WSO2 | WSO2 API Control Plane | 4.6.0 < 4.6.0.3 | affected |
| WSO2 | WSO2 Universal Gateway | 4.5.0 < 4.5.0.2 | affected |
| WSO2 | WSO2 Universal Gateway | 4.6.0 < 4.6.0.3 | affected |
| WSO2 | WSO2 Traffic Manager | 4.5.0 < 4.5.0.2 | affected |
| WSO2 | WSO2 Traffic Manager | 4.6.0 < 4.6.0.3 | affected |
| WSO2 | org.wso2.carbon.commons:org.wso2.carbon.application.upload | 4.7.19 < 4.7.19.7 | affected |
| WSO2 | org.wso2.carbon.commons:org.wso2.carbon.application.upload | 4.7.32 < 4.7.32.5 | affected |
| WSO2 | org.wso2.carbon.commons:org.wso2.carbon.application.upload | 4.7.35 < 4.7.35.8 | affected |
| WSO2 | org.wso2.carbon.commons:org.wso2.carbon.application.upload | 4.7.39 < 4.7.39.1 | affected |
| WSO2 | org.wso2.carbon.commons:org.wso2.carbon.application.upload | 4.7.49 < 4.7.49.4 | affected |
| WSO2 | org.wso2.carbon.commons:org.wso2.carbon.application.upload | 4.7.52 < 4.7.52.1 | affected |
| WSO2 | org.wso2.carbon.commons:org.wso2.carbon.application.upload | 4.10.13 < 4.10.13.1 | affected |
| WSO2 | org.wso2.carbon.commons:org.wso2.carbon.application.upload | 4.9.12 <= 4.9.* | unaffected |
| WSO2 | org.wso2.carbon.commons:org.wso2.carbon.application.upload | 4.10.24 <= * | unaffected |
Weaknesses
- CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.