WSO2 BPS File Upload RCE via BPEL Uploader SOAP
CVE-2025-1862 Published on September 26, 2025
Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server.
By leveraging this vulnerability, an attacker can upload a specially crafted payload and achieve remote code execution (RCE), potentially compromising the server and its data.
Vulnerability Analysis
CVE-2025-1862 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2025-1862 has been classified to as an Unrestricted File Upload vulnerability or weakness.
Products Associated with CVE-2025-1862
Want to know whenever a new CVE is published for Wso2 products? stack.watch will email you.
Affected Versions
WSO2 Enterprise Integrator:- Version 6.6.0 and below 6.6.0.215 is affected.
- Before 5.10.0 is unknown.
- Version 5.10.0 and below 5.10.0.347 is affected.
- Version 5.11.0 and below 5.11.0.396 is affected.
- Version 6.0.0 and below 6.0.0.232 is affected.
- Version 6.1.0 and below 6.1.0.224 is affected.
- Version 2.0.0 and below 2.0.0.391 is affected.
- Before 5.10.0 is unknown.
- Version 5.10.0 and below 5.10.0.340 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.