Security Advisory

CVE-2025-2905

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-05 09:02:01

Last updated 2025-10-16 11:39:21

Assigner WSO2

State PUBLISHED

Description

Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: * Read sensitive files from the server’s filesystem. * Perform denial-of-service (DoS) attacks, which can render the affected service unavailable.

← Browse all CVEs View on cve.org ↗