CVE-2025-3125

Summary

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE).

This functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions.

Affected Software

VendorProductVersion RangeStatus
WSO2WSO2 Identity Server0 < 5.10.0unknown
WSO2WSO2 Identity Server5.10.0 < 5.10.0.360affected
WSO2WSO2 Identity Server5.11.0 < 5.11.0.399affected
WSO2WSO2 Identity Server6.0.0 < 6.0.0.235affected
WSO2WSO2 Identity Server6.1.0 < 6.1.0.230affected
WSO2WSO2 Identity Server7.0.0 < 7.0.0.101affected
WSO2WSO2 Identity Server7.1.0 < 7.1.0.32affected
WSO2WSO2 Enterprise Integrator0 < 6.6.0unknown
WSO2WSO2 Enterprise Integrator6.6.0 < 6.6.0.217affected
WSO2WSO2 Open Banking IAM0 < 2.0.0unknown
WSO2WSO2 Open Banking IAM2.0.0 < 2.0.0.402affected
WSO2WSO2 Identity Server as Key Manager0 < 5.10.0unknown
WSO2WSO2 Identity Server as Key Manager5.10.0 < 5.10.0.353affected
WSO2WSO2 API Manager0 < 3.2.0unknown
WSO2WSO2 API Manager3.2.0 < 3.2.0.421affected
WSO2WSO2 API Manager3.2.1 < 3.2.1.41affected
WSO2WSO2 API Manager4.0.0 < 4.0.0.342affected
WSO2WSO2 API Manager4.1.0 < 4.1.0.203affected
WSO2WSO2 API Manager4.2.0 < 4.2.0.142affected
WSO2WSO2 API Manager4.3.0 < 4.3.0.55affected
WSO2WSO2 API Manager4.4.0 < 4.4.0.19affected
WSO2WSO2 API Manager4.5.0 < 4.5.0.2affected
WSO2WSO2 API Manager4.6.0 < 4.6.0.3affected
WSO2WSO2 API Control Plane4.5.0 < 4.5.0.2affected
WSO2WSO2 API Control Plane4.6.0 < 4.6.0.3affected
WSO2WSO2 Universal Gateway4.5.0 < 4.5.0.2affected
WSO2WSO2 Universal Gateway4.6.0 < 4.6.0.3affected
WSO2WSO2 Traffic Manager4.5.0 < 4.5.0.2affected
WSO2WSO2 Traffic Manager4.6.0 < 4.6.0.3affected
WSO2org.wso2.carbon.commons:org.wso2.carbon.application.upload4.7.19 < 4.7.19.7affected
WSO2org.wso2.carbon.commons:org.wso2.carbon.application.upload4.7.32 < 4.7.32.5affected
WSO2org.wso2.carbon.commons:org.wso2.carbon.application.upload4.7.35 < 4.7.35.8affected
WSO2org.wso2.carbon.commons:org.wso2.carbon.application.upload4.7.39 < 4.7.39.1affected
WSO2org.wso2.carbon.commons:org.wso2.carbon.application.upload4.7.49 < 4.7.49.4affected
WSO2org.wso2.carbon.commons:org.wso2.carbon.application.upload4.7.52 < 4.7.52.1affected
WSO2org.wso2.carbon.commons:org.wso2.carbon.application.upload4.10.13 < 4.10.13.1affected
WSO2org.wso2.carbon.commons:org.wso2.carbon.application.upload4.9.12 <= 4.9.*unaffected
WSO2org.wso2.carbon.commons:org.wso2.carbon.application.upload4.10.24 <= *unaffected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References