WSO2 Event Processor RCE via Siddhi Exec Plan Injection
CVE-2025-5717 Published on September 23, 2025

Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service
An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan containing malicious Java code, resulting in arbitrary code execution on the server. Exploitation of this vulnerability requires a valid user account with administrative privileges, limiting the attack surface to authenticated but potentially malicious users.


Vulnerability Analysis

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Weakness Type

What is a Code Injection Vulnerability?

The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVE-2025-5717 has been classified as a Code Injection vulnerability (weakness type).


Products Associated with CVE-2025-5717


Affected Versions

WSO2 API Manager:
WSO2 Open Banking AM:
WSO2 Traffic Manager:
WSO2 API Control Plane:
WSO2 Siddhi Extension Evaluate Scripts:

Exploit Probability

EPSS: 0.57%
Percentile: 68.83%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.