WSO2 Internal Admin API Improper Access Control
CVE-2025-9804 Published on October 16, 2025
Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level information.
This vulnerability affects only internal administrative interfaces. APIs exposed through the WSO2 API Manager's API Gateway remain unaffected.
Vulnerability Analysis
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2025-9804 has been classified as an Authorization vulnerability or weakness.
Products Associated with CVE-2025-9804
Affected Versions
WSO2 Identity Server as Key Manager:
- Before 5.3.0 is unknown.
- Version 5.3.0 and below 5.3.0.41 is affected.
- Version 5.5.0 and below 5.5.0.53 is affected.
- Version 5.6.0 and below 5.6.0.75 is affected.
- Version 5.7.0 and below 5.7.0.125 is affected.
- Version 5.9.0 and below 5.9.0.176 is affected.
- Version 5.10.0 and below 5.10.0.359 is affected.
- Before 5.2.0 is unknown.
- Version 5.2.0 and below 5.2.0.34 is affected.
- Version 5.3.0 and below 5.3.0.36 is affected.
- Version 5.4.0 and below 5.4.0.34 is affected.
- Version 5.4.1 and below 5.4.1.38 is affected.
- Version 5.5.0 and below 5.5.0.52 is affected.
- Version 5.6.0 and below 5.6.0.60 is affected.
- Version 5.7.0 and below 5.7.0.126 is affected.
- Version 5.8.0 and below 5.8.0.110 is affected.
- Version 5.9.0 and below 5.9.0.169 is affected.
- Version 5.10.0 and below 5.10.0.369 is affected.
- Version 5.11.0 and below 5.11.0.413 is affected.
- Version 6.0.0 and below 6.0.0.244 is affected.
- Version 6.1.0 and below 6.1.0.243 is affected.
- Version 7.0.0 and below 7.0.0.118 is affected.
- Version 7.1.0 and below 7.1.0.25 is affected.
- Before 1.4.0 is unknown.
- Version 1.4.0 and below 1.4.0.133 is affected.
- Version 1.5.0 and below 1.5.0.123 is affected.
- Before 2.0.0 is unknown.
- Version 2.0.0 and below 2.0.0.409 is affected.
- Before 1.4.0 is unknown.
- Version 1.4.0 and below 1.4.0.139 is affected.
- Version 1.5.0 and below 1.5.0.140 is affected.
- Version 2.0.0 and below 2.0.0.389 is affected.
- Before 2.0.0 is unknown.
- Version 2.0.0 and below 2.0.0.31 is affected.
- Version 2.1.0 and below 2.1.0.40 is affected.
- Version 2.2.0 and below 2.2.0.59 is affected.
- Version 2.5.0 and below 2.5.0.85 is affected.
- Version 2.6.0 and below 2.6.0.146 is affected.
- Version 3.0.0 and below 3.0.0.176 is affected.
- Version 3.1.0 and below 3.1.0.340 is affected.
- Version 3.2.0 and below 3.2.0.441 is affected.
- Version 3.2.1 and below 3.2.1.61 is affected.
- Version 4.0.0 and below 4.0.0.361 is affected.
- Version 4.1.0 and below 4.1.0.224 is affected.
- Version 4.2.0 and below 4.2.0.162 is affected.
- Version 4.3.0 and below 4.3.0.75 is affected.
- Version 4.4.0 and below 4.4.0.39 is affected.
- Version 4.5.0 and below 4.5.0.23 is affected.
- Before 5.2.0 is unknown.
- Version 5.2.0 and below 5.2.0.19 is affected.
- Version 5.3.0 and below 5.3.0.17 is affected.
- Version 5.5.0 and below 5.5.0.31 is affected.
- Version 5.6.0 and below 5.6.0.38 is affected.
- Before 2.0.0 is unknown.
- Version 2.0.0 and below 2.0.0.14 is affected.
- Version 2.1.0 and below 2.1.0.19 is affected.
- Version 2.2.0 and below 2.2.0.30 is affected.
- Version 2.5.0 and below 2.5.0.39 is affected.
- Before 6.2.0 is unknown.
- Version 6.2.0 and below 6.2.0.62 is affected.
- Version 6.3.0 and below 6.3.0.70 is affected.
- Before 5.0.0 is unknown.
- Version 5.0.0 and below 5.0.0.13 is affected.
- Before 3.1.0 is unknown.
- Version 3.1.0 and below 3.1.0.20 is affected.
- Version 3.2.0 and below 3.2.0.33 is affected.
- Before 2.2.0 is unknown.
- Version 2.2.0 and below 2.2.0.28 is affected.
- Version 4.5.0 and below 4.5.0.22 is affected.
- Version 4.5.0 and below 4.5.0.24 is affected.
- Version 4.5.0 and below 4.5.0.22 is affected.
- Version 2.0.10 and below 2.0.10.1 is affected.
- Version 2.0.15 and below 2.0.15.1 is affected.
- Version 2.0.21 and below 2.0.21.1 is affected.
- Version 2.0.22 and below 2.0.22.1 is affected.
- Version 2.1.12 and below 2.1.12.1 is affected.
- Version 2.1 and below 2.1.1972 is affected.
- Version 2.2 and below 2.2.24 is affected.
- Version 2.2 and below 2.2.25 is affected.
- Version 3.1.0 and below 3.1.0.74 is affected.
- Version 3.3.6 and below 3.3.6.7 is affected.
- Version 3.3.26 and below 3.3.26.2 is affected.
- Version 3.3.35 and below 3.3.35.1 is affected.
- Version 3.3.41, <= * is unaffected.
- Version 6.7.206 and below 6.7.206.567 is affected.
- Version 6.7.210 and below 6.7.210.63 is affected.
- Version 9.0.174 and below 9.0.174.522 is affected.
- Version 9.20.74 and below 9.20.74.379 is affected.
- Version 9.28.116 and below 9.28.116.360 is affected.
- Version 9.29.120 and below 9.29.120.184 is affected.
- Version 9.30.67 and below 9.30.67.109 is affected.
- Version 9.31.86 and below 9.31.86.71 is affected.
- Version 9.32.133, <= * is unaffected.
- Version 4.4.7 and below 4.4.7.6 is affected.
- Version 4.4.9 and below 4.4.9.11 is affected.
- Version 4.4.11 and below 4.4.11.9 is affected.
- Version 4.4.26 and below 4.4.26.12 is affected.
- Version 4.4.35 and below 4.4.35.44 is affected.
- Version 4.5.1 and below 4.5.1.43 is affected.
- Version 4.6.0 and below 4.6.0.1990 is affected.
- Version 4.6.1 and below 4.6.1.149 is affected.
- Version 4.6.2 and below 4.6.2.667 is affected.
- Version 4.6.3 and below 4.6.3.36 is affected.
- Version 4.6.4 and below 4.6.4.14 is affected.
- Version 4.7.1 and below 4.7.1.68 is affected.
- Version 4.8.1 and below 4.8.1.39 is affected.
- Version 4.9.0 and below 4.9.0.99 is affected.
- Version 4.9.26 and below 4.9.26.25 is affected.
- Version 4.9.27 and below 4.9.27.10 is affected.
- Version 4.9.28 and below 4.9.28.11 is affected.
- Version 4.10.9 and below 4.10.9.66 is affected.
- Version 4.10.42 and below 4.10.42.9 is affected.
- Version 4.9 and below 4.9.29 is affected.
- Version 4.10 and below 4.10.94 is affected.
- Version 5.2.0 and below 5.2.0.4 is affected.
- Version 5.2.2 and below 5.2.2.21 is affected.
- Version 5.7.5 and below 5.7.5.18 is affected.
- Version 5.11.148 and below 5.11.148.19 is affected.
- Version 5.11.256 and below 5.11.256.21 is affected.
- Version 5.12.153 and below 5.12.153.63 is affected.
- Version 5.12.387 and below 5.12.387.46 is affected.
- Version 5.14.97 and below 5.14.97.89 is affected.
- Version 5.17.5 and below 5.17.5.317 is affected.
- Version 5.17.118 and below 5.17.118.17 is affected.
- Version 5.18.187 and below 5.18.187.309 is affected.
- Version 5.18.248 and below 5.18.248.30 is affected.
- Version 5.23.8 and below 5.23.8.207 is affected.
- Version 5.24.8 and below 5.24.8.23 is affected.
- Version 5.25.92 and below 5.25.92.152 is affected.
- Version 5.25.705 and below 5.25.705.19 is affected.
- Version 5.25.713 and below 5.25.713.9 is affected.
- Version 5.25.724 and below 5.25.724.3 is affected.
- Version 7.0.78 and below 7.0.78.133 is affected.
- Version 7.8.23 and below 7.8.23.47 is affected.
- Version 5.25 and below 5.25.734 is affected.
- Version 7.8.489, <= * is unaffected.
- Version 4.4.7 and below 4.4.7.6 is affected.
- Version 4.4.9 and below 4.4.9.11 is affected.
- Version 4.4.11 and below 4.4.11.9 is affected.
- Version 4.4.26 and below 4.4.26.12 is affected.
- Version 4.4.32 and below 4.4.32.16 is affected.
- Version 4.4.35 and below 4.4.35.44 is affected.
- Version 4.5.1 and below 4.5.1.43 is affected.
- Version 4.6.0 and below 4.6.0.1990 is affected.
- Version 4.6.1 and below 4.6.1.149 is affected.
- Version 4.6.2 and below 4.6.2.667 is affected.
- Version 4.6.3 and below 4.6.3.36 is affected.
- Version 4.6.4 and below 4.6.4.14 is affected.
- Version 4.7.1 and below 4.7.1.68 is affected.
- Version 4.8.1 and below 4.8.1.39 is affected.
- Version 4.9.0 and below 4.9.0.99 is affected.
- Version 4.9.26 and below 4.9.26.25 is affected.
- Version 4.9.27 and below 4.9.27.10 is affected.
- Version 4.9.28 and below 4.9.28.11 is affected.
- Version 4.10.9 and below 4.10.9.66 is affected.
- Version 4.10.42 and below 4.10.42.9 is affected.
- Version 4.9 and below 4.9.29 is affected.
- Version 4.10 and below 4.10.94 is affected.
- Version 5.1.1 and below 5.1.1.1 is affected.
- Version 5.1.2 and below 5.1.2.1 is affected.
- Version 5.1.5 and below 5.1.5.1 is affected.
- Version 5.3.3 and below 5.3.3.1 is affected.
- Version 5.4.0 and below 5.4.0.4 is affected.
- Version 5.4.1 and below 5.4.1.5 is affected.
- Version 5.6.0 and below 5.6.0.1 is affected.
- Version 5.6.21, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.