CVE-2025-10611 · CRITICAL 9.8 · EPSS percentile 51.2%

Description

Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerability could lead to a malicious actor gaining administrative access and performing unauthenticated and unauthorized administrative operations.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.78% probability of exploitation · percentile 51.2% · 2026-06-18T12:00:27Z
Published: 2025-10-16
Last modified: 2025-11-21

Underlying weaknesses · 1

CWE-863

References

  1. https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4585/

Type      Target                                 Confidence  Tier
Weakness  Incorrect Authorization (CWE-863)      0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE: CVE-2025-9152
  - CVE: CVE-2025-9312
  - CVE: CVE-2025-47889
  - CVE: CVE-2026-10622
  - CVE: CVE-2026-23899
  - CVE: CVE-2026-20223

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.