All 4 CVE vulnerabilities found in WSO2 Identity Server as Key Manager, with AI-generated Chinese analysis, references, and POCs.
Vendor: WSO2
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-9804 | Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs | 8.9 | High | 2025-10-16 |
| CVE-2025-0672 | Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association | 3.3 | Low | 2025-09-23 |
| CVE-2024-6429 | Content Spoofing in Multiple WSO2 Products via Error Message Injection | 4.3 | Medium | 2025-09-23 |
| CVE-2024-7073 | Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services CWE-918 | 6.5 | Medium | 2025-06-02 |
All 4 known CVE vulnerabilities affecting WSO2 Identity Server as Key Manager with full Chinese analysis, references, and POCs where available.