{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-3125","assignerOrgId":"ed10eef1-636d-4fbe-9993-6890dfa878f8","state":"PUBLISHED","assignerShortName":"WSO2","dateReserved":"2025-04-02T15:12:12.137Z","datePublished":"2025-11-05T14:49:44.597Z","dateUpdated":"2026-01-20T04:14:55.775Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"WSO2 Identity Server","vendor":"WSO2","versions":[{"lessThan":"5.10.0","status":"unknown","version":"0","versionType":"custom"},{"lessThan":"5.10.0.360","status":"affected","version":"5.10.0","versionType":"custom"},{"lessThan":"5.11.0.399","status":"affected","version":"5.11.0","versionType":"custom"},{"lessThan":"6.0.0.235","status":"affected","version":"6.0.0","versionType":"custom"},{"lessThan":"6.1.0.230","status":"affected","version":"6.1.0","versionType":"custom"},{"lessThan":"7.0.0.101","status":"affected","version":"7.0.0","versionType":"custom"},{"lessThan":"7.1.0.32","status":"affected","version":"7.1.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 Enterprise Integrator","vendor":"WSO2","versions":[{"lessThan":"6.6.0","status":"unknown","version":"0","versionType":"custom"},{"lessThan":"6.6.0.217","status":"affected","version":"6.6.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 Open Banking IAM","vendor":"WSO2","versions":[{"lessThan":"2.0.0","status":"unknown","version":"0","versionType":"custom"},{"lessThan":"2.0.0.402","status":"affected","version":"2.0.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 Identity Server as Key Manager","vendor":"WSO2","versions":[{"lessThan":"5.10.0","status":"unknown","version":"0","versionType":"custom"},{"lessThan":"5.10.0.353","status":"affected","version":"5.10.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 API Manager","vendor":"WSO2","versions":[{"lessThan":"3.2.0","status":"unknown","version":"0","versionType":"custom"},{"lessThan":"3.2.0.421","status":"affected","version":"3.2.0","versionType":"custom"},{"lessThan":"3.2.1.41","status":"affected","version":"3.2.1","versionType":"custom"},{"lessThan":"4.0.0.342","status":"affected","version":"4.0.0","versionType":"custom"},{"lessThan":"4.1.0.203","status":"affected","version":"4.1.0","versionType":"custom"},{"lessThan":"4.2.0.142","status":"affected","version":"4.2.0","versionType":"custom"},{"lessThan":"4.3.0.55","status":"affected","version":"4.3.0","versionType":"custom"},{"lessThan":"4.4.0.19","status":"affected","version":"4.4.0","versionType":"custom"},{"lessThan":"4.5.0.2","status":"affected","version":"4.5.0","versionType":"custom"},{"lessThan":"4.6.0.3","status":"affected","version":"4.6.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 API Control Plane","vendor":"WSO2","versions":[{"lessThan":"4.5.0.2","status":"affected","version":"4.5.0","versionType":"custom"},{"lessThan":"4.6.0.3","status":"affected","version":"4.6.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 Universal Gateway","vendor":"WSO2","versions":[{"lessThan":"4.5.0.2","status":"affected","version":"4.5.0","versionType":"custom"},{"lessThan":"4.6.0.3","status":"affected","version":"4.6.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"WSO2 Traffic Manager","vendor":"WSO2","versions":[{"lessThan":"4.5.0.2","status":"affected","version":"4.5.0","versionType":"custom"},{"lessThan":"4.6.0.3","status":"affected","version":"4.6.0","versionType":"custom"}]},{"defaultStatus":"unknown","packageName":"org.wso2.carbon.commons:org.wso2.carbon.application.upload","product":"org.wso2.carbon.commons:org.wso2.carbon.application.upload","vendor":"WSO2","versions":[{"lessThan":"4.7.19.7","status":"affected","version":"4.7.19","versionType":"custom"},{"lessThan":"4.7.32.5","status":"affected","version":"4.7.32","versionType":"custom"},{"lessThan":"4.7.35.8","status":"affected","version":"4.7.35","versionType":"custom"},{"lessThan":"4.7.39.1","status":"affected","version":"4.7.39","versionType":"custom"},{"lessThan":"4.7.49.4","status":"affected","version":"4.7.49","versionType":"custom"},{"lessThan":"4.7.52.1","status":"affected","version":"4.7.52","versionType":"custom"},{"lessThan":"4.10.13.1","status":"affected","version":"4.10.13","versionType":"custom"},{"lessThanOrEqual":"4.9.*","status":"unaffected","version":"4.9.12","versionType":"custom"},{"lessThanOrEqual":"*","status":"unaffected","version":"4.10.24","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.0.360","versionStartIncluding":"5.10.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.11.0.399","versionStartIncluding":"5.11.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.0.235","versionStartIncluding":"6.0.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.0.230","versionStartIncluding":"6.1.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.0.101","versionStartIncluding":"7.0.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1.0.32","versionStartIncluding":"7.1.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_enterprise_integrator:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.0.217","versionStartIncluding":"6.6.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.0.402","versionStartIncluding":"2.0.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.0.353","versionStartIncluding":"5.10.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.0.421","versionStartIncluding":"3.2.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.1.41","versionStartIncluding":"3.2.1","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.0.342","versionStartIncluding":"4.0.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.0.203","versionStartIncluding":"4.1.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.0.142","versionStartIncluding":"4.2.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.3.0.55","versionStartIncluding":"4.3.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4.0.19","versionStartIncluding":"4.4.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.0.2","versionStartIncluding":"4.5.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.6.0.3","versionStartIncluding":"4.6.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.0.2","versionStartIncluding":"4.5.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*","versionEndExcluding":"4.6.0.3","versionStartIncluding":"4.6.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.0.2","versionStartIncluding":"4.5.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*","versionEndExcluding":"4.6.0.3","versionStartIncluding":"4.6.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.0.2","versionStartIncluding":"4.5.0","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.6.0.3","versionStartIncluding":"4.6.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*","versionEndExcluding":"4.7.19.7","versionStartIncluding":"4.7.19","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*","versionEndExcluding":"4.7.32.5","versionStartIncluding":"4.7.32","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*","versionEndExcluding":"4.7.35.8","versionStartIncluding":"4.7.35","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*","versionEndExcluding":"4.7.39.1","versionStartIncluding":"4.7.39","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*","versionEndExcluding":"4.7.49.4","versionStartIncluding":"4.7.49","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*","versionEndExcluding":"4.7.52.1","versionStartIncluding":"4.7.52","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*","versionEndExcluding":"4.10.13.1","versionStartIncluding":"4.10.13","vulnerable":true},{"criteria":"cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.*","versionStartIncluding":"4.9.12","vulnerable":false},{"criteria":"cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*","versionEndIncluding":"*","versionStartIncluding":"4.10.24","vulnerable":false}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"reporter","value":"Danh Nguyen (k4it0) from VIB Pentest Team"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE).<br><br>This functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions.<br>"}],"value":"An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE).\n\nThis functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"ed10eef1-636d-4fbe-9993-6890dfa878f8","shortName":"WSO2","dateUpdated":"2026-01-20T04:14:55.775Z"},"references":[{"tags":["vendor-advisory"],"url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: transparent;\">Follow the instructions given on </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/#solution\"><span style=\"background-color: transparent;\">https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/#solution</span></a> <br>"}],"value":"Follow the instructions given on  https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/#solution"}],"source":{"advisory":"WSO2-2025-3961","discovery":"EXTERNAL"},"title":"Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-05T18:58:52.925152Z","id":"CVE-2025-3125","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-05T18:59:01.426Z"}}]}}