KEV Entry

CVE-2025-5605

Known Exploited Vulnerability Entry External Catalog

Back to Catalog View Vulnerability
Entry Details
Confirmed Exploited

CVE-2025-5605

2026-02-15 00:00 UTC

Timestamps

2026-02-15

2026-02-15

Scope

KEVIntel entry: Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure | Affected: WSO2 / WSO2 Identity Server, WSO2 Enterprise Integrator, WSO2 Universal Gateway, WSO2 Traffic Manager, WSO2 API Manager, WSO2 API Control Plane, WSO2 Identity Server as Key Manager, WSO2 Open Banking AM, WSO2 Open Banking IAM, org.wso2.carbon:org.wso2.carbon.ui | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True

References
  • {'id': 'CVE-2025-5605', 'url': 'https://www.cve.org/CVERecord?id=CVE-2025-5605'}
  • {'id': 'kevintel', 'url': 'https://kevintel.com/vuln/CVE-2025-5605'}

b99b5c67-939c-4f2a-93c1-5ab2f0695fa5

caeb2787-0d58-4236-9039-7c86c3e566f3

2026-06-23 14:03 UTC

2026-06-23 14:03 UTC

Evidence
1
Type Source Signal Confidence Details GCVE Metadata
public_report kevintel successful_exploitation 0.70
View details 
{
  "added_date": "2026-02-15T00:00:00.000Z",
  "ahead_of_cisa_kev": null,
  "cvss_score": 4.3,
  "cvss_severity": "MEDIUM",
  "epss_percentile": null,
  "epss_score": null,
  "feed": "KEVIntel (kevintel.com)",
  "not_yet_in_cisa_kev": true,
  "product": "WSO2 Identity Server, WSO2 Enterprise Integrator, WSO2 Universal Gateway, WSO2 Traffic Manager, WSO2 API Manager, WSO2 API Control Plane, WSO2 Identity Server as Key Manager, WSO2 Open Banking AM, WSO2 Open Banking IAM, org.wso2.carbon:org.wso2.carbon.ui",
  "title": "Authentication Bypass via URI Manipulation in Multiple WSO2 Products\u0027 Management Console Leading to Partial Information Disclosure",
  "used_in_malware": "unknown",
  "vendor": "WSO2"
}
 -
Export Options
JSON Object JSON API View Full Catalog