{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-11093","assignerOrgId":"ed10eef1-636d-4fbe-9993-6890dfa878f8","state":"PUBLISHED","assignerShortName":"WSO2","dateReserved":"2025-09-27T07:10:05.485Z","datePublished":"2025-11-05T18:31:17.873Z","dateUpdated":"2025-11-05T19:39:15.696Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"WSO2 Micro Integrator","vendor":"WSO2","versions":[{"lessThan":"4.0.0","status":"unknown","version":"0","versionType":"custom"},{"lessThan":"4.0.0.145","status":"affected","version":"4.0.0","versionType":"custom"},{"lessThan":"4.1.0.147","status":"affected","version":"4.1.0","versionType":"custom"},{"lessThan":"4.2.0.141","status":"affected","version":"4.2.0","versionType":"custom"},{"lessThan":"4.3.0.42","status":"affected","version":"4.3.0","versionType":"custom"},{"lessThan":"4.4.0.27","status":"affected","version":"4.4.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 API Manager","vendor":"WSO2","versions":[{"lessThan":"3.1.0","status":"unknown","version":"0","versionType":"custom"},{"lessThan":"3.1.0.345","status":"affected","version":"3.1.0","versionType":"custom"},{"lessThan":"3.2.0.446","status":"affected","version":"3.2.0","versionType":"custom"},{"lessThan":"3.2.1.66","status":"affected","version":"3.2.1","versionType":"custom"},{"lessThan":"4.0.0.366","status":"affected","version":"4.0.0","versionType":"custom"},{"lessThan":"4.1.0.228","status":"affected","version":"4.1.0","versionType":"custom"},{"lessThan":"4.2.0.169","status":"affected","version":"4.2.0","versionType":"custom"},{"lessThan":"4.3.0.81","status":"affected","version":"4.3.0","versionType":"custom"},{"lessThan":"4.4.0.45","status":"affected","version":"4.4.0","versionType":"custom"},{"lessThan":"4.5.0.28","status":"affected","version":"4.5.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 Enterprise Integrator","vendor":"WSO2","versions":[{"lessThan":"6.6.0","status":"unknown","version":"0","versionType":"custom"},{"lessThan":"6.6.0.224","status":"affected","version":"6.6.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 Universal Gateway","vendor":"WSO2","versions":[{"lessThan":"4.5.0.27","status":"affected","version":"4.5.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 API Control Plane","vendor":"WSO2","versions":[{"lessThan":"4.5.0.29","status":"affected","version":"4.5.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 Traffic Manager","vendor":"WSO2","versions":[{"lessThan":"4.5.0.27","status":"affected","version":"4.5.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 Open Banking IAM","vendor":"WSO2","versions":[{"lessThan":"2.0.0","status":"unknown","version":"0","versionType":"custom"},{"lessThan":"2.0.0.414","status":"affected","version":"2.0.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 Open Banking AM","vendor":"WSO2","versions":[{"lessThan":"2.0.0","status":"unknown","version":"0","versionType":"custom"},{"lessThan":"2.0.0.394","status":"affected","version":"2.0.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 Identity Server as Key Manager","vendor":"WSO2","versions":[{"lessThan":"5.10.0","status":"unknown","version":"0","versionType":"custom"},{"lessThan":"5.10.0.365","status":"affected","version":"5.10.0","versionType":"custom"}]},{"defaultStatus":"unknown","packageName":"org.apache.synapse:synapse-core","product":"org.apache.synapse:synapse-core","vendor":"WSO2","versions":[{"lessThan":"2.1.7.wso2v227_99","status":"affected","version":"2.1.7.wso2v227","versionType":"custom"},{"lessThan":"2.1.7.wso2v271_88","status":"affected","version":"2.1.7.wso2v271","versionType":"custom"},{"lessThan":"2.1.7.wso2v143_121","status":"affected","version":"2.1.7.wso2v143","versionType":"custom"},{"lessThan":"2.1.7.wso2v319_13","status":"affected","version":"2.1.7.wso2v319","versionType":"custom"},{"lessThan":"2.1.7.wso2v183_72","status":"affected","version":"2.1.7.wso2v183","versionType":"custom"},{"lessThan":"4.0.0.wso2v119_27","status":"affected","version":"4.0.0.wso2v119","versionType":"custom"},{"lessThan":"4.0.0.wso2v20_93","status":"affected","version":"4.0.0.wso2v20","versionType":"custom"},{"lessThan":"4.0.0.wso2v215_26","status":"affected","version":"4.0.0.wso2v215","versionType":"custom"},{"lessThan":"4.0.0.wso2v218_1","status":"affected","version":"4.0.0.wso2v218","versionType":"custom"},{"lessThan":"4.0.0.wso2v105_13","status":"affected","version":"4.0.0.wso2v105","versionType":"custom"},{"lessThan":"4.0.0.wso2v131_5","status":"affected","version":"4.0.0.wso2v131","versionType":"custom"},{"lessThanOrEqual":"*","status":"unaffected","version":"4.0.0-wso2v254","versionType":"custom"}]},{"defaultStatus":"unknown","packageName":"org.apache.synapse:synapse-extensions","product":"org.apache.synapse:synapse-extensions","vendor":"WSO2","versions":[{"lessThan":"2.1.7.wso2v227_99","status":"affected","version":"2.1.7.wso2v227","versionType":"custom"},{"lessThan":"2.1.7.wso2v271_88","status":"affected","version":"2.1.7.wso2v271","versionType":"custom"},{"lessThan":"2.1.7.wso2v143_121","status":"affected","version":"2.1.7.wso2v143","versionType":"custom"},{"lessThan":"2.1.7.wso2v319_13","status":"affected","version":"2.1.7.wso2v319","versionType":"custom"},{"lessThan":"2.1.7.wso2v183_72","status":"affected","version":"2.1.7.wso2v183","versionType":"custom"},{"lessThan":"4.0.0.wso2v119_27","status":"affected","version":"4.0.0.wso2v119","versionType":"custom"},{"lessThan":"4.0.0.wso2v20_93","status":"affected","version":"4.0.0.wso2v20","versionType":"custom"},{"lessThan":"4.0.0.wso2v215_26","status":"affected","version":"4.0.0.wso2v215","versionType":"custom"},{"lessThan":"4.0.0.wso2v218_1","status":"affected","version":"4.0.0.wso2v218","versionType":"custom"},{"lessThan":"4.0.0.wso2v105_13","status":"affected","version":"4.0.0.wso2v105","versionType":"custom"},{"lessThan":"4.0.0.wso2v131_5","status":"affected","version":"4.0.0.wso2v131","versionType":"custom"},{"lessThanOrEqual":"*","status":"unaffected","version":"4.0.0-wso2v254","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_micro_integrator:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.145","versionStartIncluding":"4.0.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_micro_integrator:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.0.147","versionStartIncluding":"4.1.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_micro_integrator:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.0.141","versionStartIncluding":"4.2.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_micro_integrator:*:*:*:*:*:*:*:*","versionEndExcluding":"4.3.0.42","versionStartIncluding":"4.3.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_micro_integrator:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4.0.27","versionStartIncluding":"4.4.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0.345","versionStartIncluding":"3.1.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.0.446","versionStartIncluding":"3.2.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.1.66","versionStartIncluding":"3.2.1","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.366","versionStartIncluding":"4.0.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.0.228","versionStartIncluding":"4.1.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.0.169","versionStartIncluding":"4.2.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.3.0.81","versionStartIncluding":"4.3.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4.0.45","versionStartIncluding":"4.4.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.0.28","versionStartIncluding":"4.5.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_enterprise_integrator:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.0.224","versionStartIncluding":"6.6.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.0.27","versionStartIncluding":"4.5.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.0.29","versionStartIncluding":"4.5.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.0.27","versionStartIncluding":"4.5.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.0.414","versionStartIncluding":"2.0.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_open_banking_am:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.0.394","versionStartIncluding":"2.0.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.0.365","versionStartIncluding":"5.10.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-core:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.7.wso2v227_99","versionStartIncluding":"2.1.7.wso2v227","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-core:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.7.wso2v271_88","versionStartIncluding":"2.1.7.wso2v271","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-core:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.7.wso2v143_121","versionStartIncluding":"2.1.7.wso2v143","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-core:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.7.wso2v319_13","versionStartIncluding":"2.1.7.wso2v319","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-core:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.7.wso2v183_72","versionStartIncluding":"2.1.7.wso2v183","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-core:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.wso2v119_27","versionStartIncluding":"4.0.0.wso2v119","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-core:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.wso2v20_93","versionStartIncluding":"4.0.0.wso2v20","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-core:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.wso2v215_26","versionStartIncluding":"4.0.0.wso2v215","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-core:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.wso2v218_1","versionStartIncluding":"4.0.0.wso2v218","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-core:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.wso2v105_13","versionStartIncluding":"4.0.0.wso2v105","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-core:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.wso2v131_5","versionStartIncluding":"4.0.0.wso2v131","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-core:*:*:*:*:*:*:*:*","versionEndIncluding":"*","versionStartIncluding":"4.0.0-wso2v254","vulnerable":false}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-extensions:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.7.wso2v227_99","versionStartIncluding":"2.1.7.wso2v227","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-extensions:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.7.wso2v271_88","versionStartIncluding":"2.1.7.wso2v271","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-extensions:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.7.wso2v143_121","versionStartIncluding":"2.1.7.wso2v143","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-extensions:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.7.wso2v319_13","versionStartIncluding":"2.1.7.wso2v319","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-extensions:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.7.wso2v183_72","versionStartIncluding":"2.1.7.wso2v183","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-extensions:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.wso2v119_27","versionStartIncluding":"4.0.0.wso2v119","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-extensions:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.wso2v20_93","versionStartIncluding":"4.0.0.wso2v20","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-extensions:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.wso2v215_26","versionStartIncluding":"4.0.0.wso2v215","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-extensions:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.wso2v218_1","versionStartIncluding":"4.0.0.wso2v218","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-extensions:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.wso2v105_13","versionStartIncluding":"4.0.0.wso2v105","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-extensions:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.wso2v131_5","versionStartIncluding":"4.0.0.wso2v131","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.apache.synapse_synapse-extensions:*:*:*:*:*:*:*:*","versionEndIncluding":"*","versionStartIncluding":"4.0.0-wso2v254","vulnerable":false}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"reporter","value":"crnković"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Authenticated users with elevated privileges can execute arbitrary code within the integration runtime environment.<br><br>By default, access to these scripting engines is limited to administrators in WSO2 Micro Integrator and WSO2 Enterprise Integrator, while in WSO2 API Manager, access extends to both administrators and API creators. This may allow trusted-but-privileged users to perform unauthorized actions or compromise the execution environment.<br>"}],"value":"An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Authenticated users with elevated privileges can execute arbitrary code within the integration runtime environment.\n\nBy default, access to these scripting engines is limited to administrators in WSO2 Micro Integrator and WSO2 Enterprise Integrator, while in WSO2 API Manager, access extends to both administrators and API creators. This may allow trusted-but-privileged users to perform unauthorized actions or compromise the execution environment."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"CWE-94 Improper Control of Generation of Code ('Code Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"ed10eef1-636d-4fbe-9993-6890dfa878f8","shortName":"WSO2","dateUpdated":"2025-11-05T18:34:04.737Z"},"references":[{"tags":["vendor-advisory"],"url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4510/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: transparent;\">Follow the instructions given on </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4510/#solution\"><span style=\"background-color: transparent;\">https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4510/#solution</span></a> <br>"}],"value":"Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4510/#solution"}],"source":{"advisory":"WSO2-2025-4510","discovery":"EXTERNAL"},"title":"Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS)","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-05T19:14:13.042418Z","id":"CVE-2025-11093","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-05T19:39:15.696Z"}}]}}