Key Information

Vulnerability Overview

Vulnerability ID: WSO2-2025-4115/CVE-2025-5605
Release Date: 2025-10-24
Update Date: 2025-10-24
Severity: Medium
CVSS Score: 4.3 (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products

WSO2 API Control Plane: 4.5.0
WSO2 API Manager: 4.5.0, 4.4.0, 4.3.0, 4.2.0, 4.1.0, 4.0.0, 3.2.1, 3.2.0, 3.1.0
WSO2 Enterprise Integrator: 6.6.0
WSO2 Identity Server as Key Manager: 5.10.0
WSO2 Identity Server: 7.1.0, 7.0.0, 6.1.0, 6.0.0, 5.11.0, 5.10.0
WSO2 Open Banking AM: 2.0.0
WSO2 Open Banking IAM: 2.0.0
WSO2 Traffic Manager: 4.5.0
WSO2 Universal Gateway: 4.5.0

Description

Malicious actors can gain unauthorized access to certain resources in the management console by manipulating the request URI, leading to partial information disclosure.

Impact

Exploiting this issue allows malicious actors with access to the management console to access certain functionalities without valid user credentials. The currently known exposure is limited to memory statistics.

Solution

Community Users (Open Source): Apply the provided public fix.
Support Subscription Holders: Upgrade the product to the specified update level or higher to apply the fix.

Acknowledgments

Thank you to Noël MACCARY for responsibly reporting the identified issue and assisting in its resolution.