Wso2 api manager
This hub aggregates every CVE we track for Wso2 api manager, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.
46
CVEs tracked
8
Critical
6
High
1
In CISA KEV
Severity distribution
MEDIUM31CRITICAL8HIGH6LOW1
Monthly trend
0
0
0
0
0
0
0
2
0
0
5
5
0
0
4
5
8
0
0
2
0
5
2
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Wso2 api manager.
- CVE-2025-8325Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations6.3
- CVE-2025-8154HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation5.3
- CVE-2025-6024Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites6.1
- CVE-2024-10242Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 API Manager Allows UI Modification and Redirection6.1
- CVE-2024-8010XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files3.5
- CVE-2024-4867Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval5.4
- CVE-2024-2374XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service7.5
- CVE-2024-1524A local user can be impersonated when using federated authentication with Silent JIT Provisioning.7.7
- CVE-2025-13590Authenticated arbitrary file upload via a System REST API requiring administrator permission.9.1
- CVE-2025-9312Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products9.8
- CVE-2025-6670Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services8.8
- CVE-2025-10853Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding5.2
- CVE-2025-5770Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products6.1
- CVE-2025-11093Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS)8.4
- CVE-2025-10907Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution8.4
Product normalization is registry-driven with AI assist and human review. How it works