{"id":71813,"date":"2025-10-16T15:39:31","date_gmt":"2025-10-16T12:09:31","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-10611-potential-broken-access-control-in-multiple-wso2-products-via-system-rest-apis\/"},"modified":"2025-10-16T15:39:31","modified_gmt":"2025-10-16T12:09:31","slug":"cve-2025-10611-potential-broken-access-control-in-multiple-wso2-products-via-system-rest-apis","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-10611-potential-broken-access-control-in-multiple-wso2-products-via-system-rest-apis\/","title":{"rendered":"CVE-2025-10611 &#8211; Potential Broken Access Control in Multiple WSO2 Products via System REST APIs"},"content":{"rendered":"<p>CVE ID : CVE-2025-10611<\/p>\n<p>Published :  Oct. 16, 2025, 12:09 p.m. | 31\u00a0minutes ago<\/p>\n<p>Description : Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation.<\/p>\n<p>Successful exploitation of this vulnerability could lead to a malicious actor gaining administrative access and performing unauthenticated and unauthorized administrative operations.<\/p>\n<p>Severity: 9.8 | CRITICAL<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-10611 Published : Oct. 16, 2025, 12:09 p.m. | 31\u00a0minutes ago Description : Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerability could lead to a &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-71813","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/71813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=71813"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/71813\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=71813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=71813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=71813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}