#CVE-2025-2905
404 to arbitrary file read in WSO2 API Manager (CVE-2025-2905)
crnkovic.dev
October 28, 2025 at 9:09 AM
404 to arbitrary file read in WSO2 API Manager (CVE-2025-2905)
WSO2 #1: 404 to arbitrary file read
CVE-2025-2905 is a blind XXE vulnerability in WSO2 API Manager and other WSO2 products dependent on WSO2-Synapse.
crnkovic.dev
October 28, 2025 at 8:43 AM
XXE vulnerability in older versions of the API management tool WSO2 API Manager

A vulnerability has been disclosed in older versions of WSO2's API management solution, WSO2 API Manager.

An XML External Entity (XXE) vulnerability, CVE-2025-2905, was found in the gateway component. Version 2.0.0 and earlier are affected.

Because XML input is not properly validated, XML contained in a crafted URL path is processed without restriction, allowing a remote attacker, without authentication, to access files on the server or cause a denial of service.
[Security News] XXE vulnerability in older versions of the API management tool WSO2 API Manager: Security NEXT
A vulnerability has been disclosed in older versions of WSO2's API management solution, WSO2 API Manager. : Security NEXT
www.security-next.com
May 8, 2025 at 3:13 AM
🚨 CVE-2025-2905: XXE vuln in WSO2 API Manager v2.0.0 & older.
Unauthorised attackers can read files or DoS your service.

Try with Modat Magnify:
Run this query → web.title="WSO2 API Manager"
magnify.modat.io

Free access until July 1
#CVE-2025-2905 #XXE #ModatMagnify #ThreatIntel #Infosec
Modat Magnify
magnify.modat.io
May 6, 2025 at 1:32 PM
CVE-2025-2905 (CVSS 9.1): Critical XXE Vulnerability Found in WSO2 API Manager
A critical XXE vulnerability (CVE-2025-2905) in WSO2 API Manager allows attackers to read files and cause DoS. Patch WSO2-2016-0151 is the solution.
securityonline.info
May 6, 2025 at 4:15 AM
CVE-2025-2905 (CVSS 9.1): Critical XXE Vulnerability Found in WSO2 API Manager securityonline.info/cve-2025-290...
A critical XXE vulnerability (CVE-2025-2905) in WSO2 API Manager allows attackers to read files and cause DoS. Patch WSO2-2016-0151 is the solution.
securityonline.info
May 6, 2025 at 2:25 AM
CVE-2025-2905 - WSO2 API Manager XXE File Disclosure and Denial of Service Vulnerability
CVE ID : CVE-2025-2905

Published : May 5, 2025, 9:15 a.m. | 58 minutes ago

Description : An XML External Entity (XXE) vulnerability exists in the gateway component of WSO2 API Manage...
CVE-2025-2905 - WSO2 API Manager XXE File Disclosure and Denial of Service Vulnerability
An XML External Entity (XXE) vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution. This vulnerability can be exploited by an unauthenticated remote attacker to read files …
cvefeed.io
May 5, 2025 at 10:21 AM