{"uuid": "b99b5c67-939c-4f2a-93c1-5ab2f0695fa5", "vulnerability": {"vulnId": "CVE-2025-5605", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "gna": 1, "object_uuid": "b99b5c67-939c-4f2a-93c1-5ab2f0695fa5"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-15T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-02-15T00:00:00+00:00", "recorded_at": "2026-06-23T14:02:37+00:00", "first_seen_at": "2026-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure | Affected: WSO2 / WSO2 Identity Server, WSO2 Enterprise Integrator, WSO2 Universal Gateway, WSO2 Traffic Manager, WSO2 API Manager, WSO2 API Control Plane, WSO2 Identity Server as Key Manager, WSO2 Open Banking AM, WSO2 Open Banking IAM, org.wso2.carbon:org.wso2.carbon.ui | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure", "vendor": "WSO2", "product": "WSO2 Identity Server, WSO2 Enterprise Integrator, WSO2 Universal Gateway, WSO2 Traffic Manager, WSO2 API Manager, WSO2 API Control Plane, WSO2 Identity Server as Key Manager, WSO2 Open Banking AM, WSO2 Open Banking IAM, org.wso2.carbon:org.wso2.carbon.ui", "added_date": "2026-02-15T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2025-5605", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5605"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-5605"}]}