Browse all 60 CVE security advisories affecting WSO2. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WSO2 provides an open-source platform for API management, identity and access management, and enterprise integration. Its middleware architecture, which underpins complex digital transformations, has historically been a target for attackers because of its broad attack surface. The 57 recorded Common Vulnerabilities and Exposures (CVEs) predominantly involve remote code execution, cross-site scripting, and authentication bypass flaws. These issues often stem from improper input validation and insecure default configurations within its API gateway and identity server components. While no single catastrophic breach has defined the vendor's public history, the high volume of vulnerabilities points to systemic weaknesses in code review for legacy modules. Security practitioners should prioritize patching these known vulnerabilities, particularly those affecting exposed management consoles, to prevent unauthorized access and data exfiltration in enterprise environments that rely on this integration suite.
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-10853 | Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding — WSO2 Open Banking IAM | CWE-79 | 5.2 | Medium | 2025-11-05 |
| CVE-2025-0663 | Potential cross-tenant account takeover vulnerability in Multiple WSO2 Products via Adaptive Authentication and Auto-Login — WSO2 Open Banking IAM | | 6.8 | Medium | 2025-09-23 |
| CVE-2024-7096 | Privilege Escalation in Multiple WSO2 Products via SOAP Admin Service Due to Business Logic Flaw — WSO2 Open Banking IAM | CWE-863 | 4.2 | Medium | 2025-05-30 |
This page lists every published CVE security advisory associated with WSO2. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.