โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2025-2905
CVE-2025-2905 โ€” Due to the improper configuration of XML parser, user-supplied XML is parsed wit
๐Ÿ“… 2025-05-05
๐Ÿ”ด Critical ๐Ÿ”ฅ No NVD Vulnerability Vulnerability CVSS 9.1 ๐ŸŽฏ EPSS 0.13%

๐Ÿ“‹ ุงู„ูˆุตู ุงู„ูƒุงู…ู„

Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: * Read sensitive files from the serverโ€™s filesystem. * Perform denial-of-service (DoS) attacks, which can render the affecte

๐Ÿ’ป ุงู„ุฃู†ุธู…ุฉ ุงู„ู…ุชุฃุซุฑุฉ

Due to the

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

Vulnerability

๐Ÿ”— CVE ID

CVE-2025-2905

๐Ÿ“ก ุงู„ู…ุตุฏุฑ

NVD

โœ… ุงู„ุญู„ูˆู„ ูˆุงู„ุชุฎููŠู

Refer to CVE-2025-2905 NVD advisory

๐Ÿ”— ุงู„ู…ุตุฏุฑ ุงู„ุฃุตู„ูŠ โ† ๐Ÿ“˜ NVD โ† โšก CISA KEV โ†