关联漏洞
标题:
WSO2多款产品 安全漏洞
(CVE-2025-5605)
描述:WSO2 API Manager等都是美国WSO2公司的产品。WSO2 API Manager是一套API生命周期管理解决方案。WSO2 Identity Server(IS)是一款身份认证服务器。WSO2 Enterprise Integrator是一套开源的混合集成平台。 WSO2多款产品存在安全漏洞,该漏洞源于管理控制台身份验证绕过,可能导致未经授权访问内部系统详细信息。以下产品受到影响:WSO2 API Manager、WSO2 Identity Server和WSO2 Enterprise In
描述
An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.
文件快照
id: CVE-2025-5605
info:
name: WSO2 Management Console - Authentication Bypass
author: Dhiyanesh
...
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。