CVE-2025-5605 – Authentication Bypass via URI Manipulation in Multiple WSO2 Products’ Management Console Leading to Partial Information Disclosure

CVE ID : CVE-2025-5605

Published : Oct. 24, 2025, 10:15 a.m. | 28 minutes ago

Description : An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure.

The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

آسیب‌پذیری‌های جدید و وصله‌های امنیتی به‌صورت مداوم منتشر می‌شوند و عدم بروزرسانی به‌موقع می‌تواند امنیت سرویس‌های حیاتی را به خطر بیندازد. خدمات مدیریت و پشتیبانی سرور آفاق هاستینگ شامل پایش امنیتی، بروزرسانی نرم‌افزارها، نصب Patchهای امنیتی و سخت‌سازی سرورها است.

خدمات مدیریت و امنیت سرور

نوشته های مشابه

CVE-2026-11791 – 389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()

CVE-2026-44691 – Eclipse Theia Workspace Trust Bypass via Malicious Task Definitions

CVE-2026-22551 – Eclipse Theia Improper Neutralization of Special Elements used in an Image URI (Image Path Traversal)

CVE-2025-58175 – GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution