    2 vulnerabilities found for org.wso2.carbon.commons:org.wso2.carbon.application.upload by WSO2

    CVE-2025-3125 (GCVE-0-2025-3125)

    Vulnerability from nvd – Published: 2025-11-05 14:49 – Updated: 2026-01-20 04:14
    Title
    Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution
    Summary
    An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE). This functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions.
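The summary names the defect class (CWE-434 with a client-controlled destination) but does not show the code pattern behind it. As an added illustration that is not WSO2's code and makes no claim about how CarbonAppUploader is implemented, the Python below contrasts the naive join of a client-supplied name onto an upload directory with a handler that strips directory components, allow-lists the name and extension, checks the content's magic bytes, confines the resolved path to the upload root, and refuses to overwrite. It assumes the endpoint accepts Carbon application archives (.car) and that those are ZIP files; the directory, file names and byte strings are constructed for the demo.

```python
"""Upload handling: the CWE-434 / path-confinement anti-pattern beside a hardened
version. Illustrative code added to this page; not WSO2's implementation."""
import os
import re
import tempfile
from pathlib import Path

# Assumptions for this example: the endpoint accepts Carbon application
# archives (.car), which are ZIP files, so the ZIP local-file-header magic is
# the content check. Names are limited to a conservative character set.
ALLOWED_SUFFIXES = {".car"}
ZIP_MAGIC = b"PK\x03\x04"
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def vulnerable_target(upload_root: str, client_filename: str) -> str:
    """The anti-pattern: the client-supplied name is joined onto the upload
    directory unchanged, so '..' segments (or an absolute path) choose the
    destination. Returns the path such code would write to; it writes nothing."""
    return os.path.normpath(os.path.join(upload_root, client_filename))


def escapes_root(upload_root: str, target: str) -> bool:
    """True when target does not live under upload_root after resolution."""
    root = Path(upload_root).resolve()
    return root not in Path(target).resolve().parents


def hardened_save(upload_root: str, client_filename: str, data: bytes) -> Path:
    """Accept only a plain, allow-listed archive name inside upload_root and
    create the file without clobbering anything already there."""
    # 1. Drop any directory component the client sent (POSIX or Windows).
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    # 2. Allow-list the whole name and the extension; this also rejects '', '.', '..'.
    if not SAFE_NAME.fullmatch(name) or Path(name).suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"rejected file name: {client_filename!r}")
    # 3. Validate content, not just the name: a .car must be a ZIP archive.
    if not data.startswith(ZIP_MAGIC):
        raise ValueError("content is not a ZIP archive")
    # 4. Confine the final path: after resolving symlinks its parent must be the
    #    upload root itself (a planted symlink with the archive's name would
    #    otherwise redirect the write).
    root = Path(upload_root).resolve()
    dest = (root / name).resolve()
    if dest.parent != root:
        raise ValueError("destination escapes the upload directory")
    # 5. O_EXCL: fail instead of overwriting an artifact that is already deployed.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


def _rejected(fn) -> bool:
    """True if fn() raises one of the rejection errors the hardened path uses."""
    try:
        fn()
    except (ValueError, FileExistsError):
        return True
    return False


def demo() -> dict:
    """Exercise both handlers with constructed inputs in a scratch directory."""
    root = tempfile.mkdtemp(prefix="carbonapps-")
    traversal = "../../evil.jsp"              # constructed traversal name
    fake_car = b"not a zip archive"            # wrong content, right extension
    real_car = ZIP_MAGIC + b"\x00" * 26        # minimal ZIP local-file header
    return {
        "naive_escapes": escapes_root(root, vulnerable_target(root, traversal)),
        "hardened_rejects_traversal": _rejected(lambda: hardened_save(root, traversal, real_car)),
        "hardened_rejects_fake_car": _rejected(lambda: hardened_save(root, "app.car", fake_car)),
        "hardened_saves_inside_root": hardened_save(root, "sub/../ok.car", real_car).parent
        == Path(root).resolve(),
        "hardened_no_overwrite": _rejected(lambda: hardened_save(root, "ok.car", real_car)),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:30} {ok}")
```

The confinement check in step 4 is done on the resolved path rather than on the string, which is what catches a pre-planted symlink; the magic-byte check in step 3 is deliberately separate from the extension check because the two guard different things (what the server will treat the file as, and what it actually contains).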
    SSVC (CISA Coordinator, decision points v2.0.3)
    Exploitation: none
    Automatable: yes
    Technical Impact: total
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    WSO2
    References
    https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/ (vendor advisory WSO2-2025-3961, which also carries the solution)
    Impacted products
    Vendor: WSO2 for every entry. All ranges are versionType "custom"; each line reads "status: lower bound (inclusive) , upper bound" with "<" exclusive and "≤" inclusive. "Unknown" is the CNA's explicit no-assertion status for that range. A version matching no listed range takes the product's default status: unaffected for the named products, unknown for the Maven artifact.

    WSO2 Identity Server
        Unknown:    0 ≤ v < 5.10.0
        Affected:   5.10.0 ≤ v < 5.10.0.360
        Affected:   5.11.0 ≤ v < 5.11.0.399
        Affected:   6.0.0 ≤ v < 6.0.0.235
        Affected:   6.1.0 ≤ v < 6.1.0.230
        Affected:   7.0.0 ≤ v < 7.0.0.101
        Affected:   7.1.0 ≤ v < 7.1.0.32
    WSO2 Enterprise Integrator
        Unknown:    0 ≤ v < 6.6.0
        Affected:   6.6.0 ≤ v < 6.6.0.217
    WSO2 Open Banking IAM
        Unknown:    0 ≤ v < 2.0.0
        Affected:   2.0.0 ≤ v < 2.0.0.402
    WSO2 Identity Server as Key Manager
        Unknown:    0 ≤ v < 5.10.0
        Affected:   5.10.0 ≤ v < 5.10.0.353
    WSO2 API Manager
        Unknown:    0 ≤ v < 3.2.0
        Affected:   3.2.0 ≤ v < 3.2.0.421
        Affected:   3.2.1 ≤ v < 3.2.1.41
        Affected:   4.0.0 ≤ v < 4.0.0.342
        Affected:   4.1.0 ≤ v < 4.1.0.203
        Affected:   4.2.0 ≤ v < 4.2.0.142
        Affected:   4.3.0 ≤ v < 4.3.0.55
        Affected:   4.4.0 ≤ v < 4.4.0.19
        Affected:   4.5.0 ≤ v < 4.5.0.2
        Affected:   4.6.0 ≤ v < 4.6.0.3
    WSO2 API Control Plane
        Affected:   4.5.0 ≤ v < 4.5.0.2
        Affected:   4.6.0 ≤ v < 4.6.0.3
    WSO2 Universal Gateway
        Affected:   4.5.0 ≤ v < 4.5.0.2
        Affected:   4.6.0 ≤ v < 4.6.0.3
    WSO2 Traffic Manager
        Affected:   4.5.0 ≤ v < 4.5.0.2
        Affected:   4.6.0 ≤ v < 4.6.0.3
    org.wso2.carbon.commons:org.wso2.carbon.application.upload (Maven artifact; default status unknown)
        Affected:   4.7.19 ≤ v < 4.7.19.7
        Affected:   4.7.32 ≤ v < 4.7.32.5
        Affected:   4.7.35 ≤ v < 4.7.35.8
        Affected:   4.7.39 ≤ v < 4.7.39.1
        Affected:   4.7.49 ≤ v < 4.7.49.4
        Affected:   4.7.52 ≤ v < 4.7.52.1
        Affected:   4.10.13 ≤ v < 4.10.13.1
        Unaffected: 4.9.12 ≤ v ≤ 4.9.* (any later 4.9.x)
        Unaffected: 4.10.24 ≤ v (no upper bound)
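The ranges above are rendered from the record's CNA "affected" array, which uses CVE JSON 5 semantics: "version" is an inclusive lower bound, "lessThan" an exclusive upper bound, "lessThanOrEqual" an inclusive one that may be a wildcard ("4.9.*", "*"), and a version matching no entry takes the product's "defaultStatus". The Python below, added here and not part of the page or of any WSO2 tooling, implements that matching over a constructed excerpt of the record (two products, values copied from the JSON) so that a version taken from an SBOM or a pom.xml can be classified. It assumes dotted-integer versions, which is what every version in this record uses; the component list in the usage block is constructed.

```python
"""Classify a product version against the CVE JSON 5 'affected' ranges of
CVE-2025-3125. Added example; not part of the record or of WSO2 tooling."""
import json

# Constructed excerpt of the record's CNA "affected" array (two products,
# values copied from the JSON on this page; the other products are omitted).
RECORD_EXCERPT = json.loads(r"""
[
  {"vendor": "WSO2", "product": "WSO2 API Manager", "defaultStatus": "unaffected",
   "versions": [
     {"version": "0",     "lessThan": "3.2.0",   "status": "unknown",  "versionType": "custom"},
     {"version": "4.5.0", "lessThan": "4.5.0.2", "status": "affected", "versionType": "custom"},
     {"version": "4.6.0", "lessThan": "4.6.0.3", "status": "affected", "versionType": "custom"}
   ]},
  {"vendor": "WSO2", "defaultStatus": "unknown",
   "packageName": "org.wso2.carbon.commons:org.wso2.carbon.application.upload",
   "product": "org.wso2.carbon.commons:org.wso2.carbon.application.upload",
   "versions": [
     {"version": "4.7.52",  "lessThan": "4.7.52.1",  "status": "affected",   "versionType": "custom"},
     {"version": "4.10.13", "lessThan": "4.10.13.1", "status": "affected",   "versionType": "custom"},
     {"version": "4.9.12",  "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "custom"},
     {"version": "4.10.24", "lessThanOrEqual": "*",     "status": "unaffected", "versionType": "custom"}
   ]}
]
""")


def parse(version: str) -> tuple:
    """'5.10.0.360' -> (5, 10, 0, 360). Assumes dotted integers, which is what
    every version in this record uses (WSO2 update levels are a 4th component)."""
    return tuple(int(part) for part in version.split("."))


def pad(v: tuple, width: int) -> tuple:
    """Right-pad with zeros so 4.7.19 compares as 4.7.19.0 against 4.7.19.7."""
    return v + (0,) * (width - len(v))


def less(a: tuple, b: tuple) -> bool:
    w = max(len(a), len(b))
    return pad(a, w) < pad(b, w)


def in_range(v: tuple, entry: dict) -> bool:
    """CVE JSON 5 semantics: 'version' is an inclusive lower bound; 'lessThan'
    an exclusive upper bound; 'lessThanOrEqual' an inclusive one that may be a
    wildcard ('4.9.*' = any 4.9.x, '*' = unbounded); neither = exact version."""
    start = parse(entry["version"])
    if less(v, start):
        return False
    if "lessThan" in entry:
        return less(v, parse(entry["lessThan"]))
    bound = entry.get("lessThanOrEqual", entry["version"])
    if bound == "*":
        return True
    if bound.endswith(".*"):
        prefix = parse(bound[:-2])
        return pad(v, len(prefix))[: len(prefix)] == prefix
    return not less(parse(bound), v)


def status_for(product: str, version: str) -> str:
    """'affected' / 'unaffected' / 'unknown' for one product version; the first
    matching entry wins and a version matching none gets the defaultStatus."""
    for p in RECORD_EXCERPT:
        if product in (p["product"], p.get("packageName")):
            v = parse(version)
            for entry in p["versions"]:
                if in_range(v, entry):
                    return entry["status"]
            return p["defaultStatus"]
    raise KeyError(f"product not in record: {product}")


def triage(components: list) -> list:
    """Classify (name, version) pairs, e.g. from an SBOM or a pom.xml, and keep
    only those that are affected or unknown, i.e. the ones that need a look."""
    rows = [(name, version, status_for(name, version)) for name, version in components]
    return [row for row in rows if row[2] != "unaffected"]


if __name__ == "__main__":
    # Constructed component list standing in for a real SBOM.
    artifact = "org.wso2.carbon.commons:org.wso2.carbon.application.upload"
    for row in triage([(artifact, "4.7.52"), (artifact, "4.9.50"), (artifact, "4.10.24"),
                       ("WSO2 API Manager", "4.5.0.1"), ("WSO2 API Manager", "4.6.0.3")]):
        print(row)
```

Note that "unknown" is a real outcome here, not an error: the artifact's 4.7.52.1 and the range below 3.2.0 of API Manager both land on it, which is exactly the case a scanner that only understands "affected"/"fixed" silently gets wrong.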
    Credits
    Danh Nguyen (k4it0) from VIB Pentest Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3125",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-05T18:58:52.925152Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-05T18:59:01.426Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.360",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.11.0.399",
                  "status": "affected",
                  "version": "5.11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.0.235",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.0.230",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0.0.101",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.1.0.32",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Enterprise Integrator",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "6.6.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.0.217",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking IAM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.402",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server as Key Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.353",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.421",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.41",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.342",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.203",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.142",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.55",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.0.19",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.0.2",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.3",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Control Plane",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.2",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.3",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Universal Gateway",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.2",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.3",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Traffic Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.2",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.3",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.commons:org.wso2.carbon.application.upload",
              "product": "org.wso2.carbon.commons:org.wso2.carbon.application.upload",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.7.19.7",
                  "status": "affected",
                  "version": "4.7.19",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.32.5",
                  "status": "affected",
                  "version": "4.7.32",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.35.8",
                  "status": "affected",
                  "version": "4.7.35",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.39.1",
                  "status": "affected",
                  "version": "4.7.39",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.49.4",
                  "status": "affected",
                  "version": "4.7.49",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.52.1",
                  "status": "affected",
                  "version": "4.7.52",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.13.1",
                  "status": "affected",
                  "version": "4.10.13",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.9.*",
                  "status": "unaffected",
                  "version": "4.9.12",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "4.10.24",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.360",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.11.0.399",
                      "versionStartIncluding": "5.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.0.235",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.0.230",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.0.101",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.0.32",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_enterprise_integrator:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.0.217",
                      "versionStartIncluding": "6.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.0.402",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.353",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.0.421",
                      "versionStartIncluding": "3.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.1.41",
                      "versionStartIncluding": "3.2.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.0.0.342",
                      "versionStartIncluding": "4.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.203",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.2.0.142",
                      "versionStartIncluding": "4.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.3.0.55",
                      "versionStartIncluding": "4.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.4.0.19",
                      "versionStartIncluding": "4.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.2",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.3",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.2",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.3",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.2",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.3",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.2",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.3",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.19.7",
                      "versionStartIncluding": "4.7.19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.32.5",
                      "versionStartIncluding": "4.7.32",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.35.8",
                      "versionStartIncluding": "4.7.35",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.39.1",
                      "versionStartIncluding": "4.7.39",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.49.4",
                      "versionStartIncluding": "4.7.49",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.52.1",
                      "versionStartIncluding": "4.7.52",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.10.13.1",
                      "versionStartIncluding": "4.10.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "4.9.*",
                      "versionStartIncluding": "4.9.12",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "4.10.24",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Danh Nguyen (k4it0) from VIB Pentest Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE).\u003cbr\u003e\u003cbr\u003eThis functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions.\u003cbr\u003e"
                }
              ],
              "value": "An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE).\n\nThis functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-20T04:14:55.775Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on  https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-3961",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-3125",
        "datePublished": "2025-11-05T14:49:44.597Z",
        "dateReserved": "2025-04-02T15:12:12.137Z",
        "dateUpdated": "2026-01-20T04:14:55.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3125 (GCVE-0-2025-3125)

    Vulnerability from cvelistv5 – Published: 2025-11-05 14:49 – Updated: 2026-01-20 04:14
    VLAI
    Title
    Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution
    Summary
    An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE). This functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor | Product | Versions
    WSO2 | WSO2 Identity Server
        Unknown: 0, < 5.10.0 (custom)
        Affected: 5.10.0, < 5.10.0.360 (custom)
        Affected: 5.11.0, < 5.11.0.399 (custom)
        Affected: 6.0.0, < 6.0.0.235 (custom)
        Affected: 6.1.0, < 6.1.0.230 (custom)
        Affected: 7.0.0, < 7.0.0.101 (custom)
        Affected: 7.1.0, < 7.1.0.32 (custom)
    WSO2 | WSO2 Enterprise Integrator
        Unknown: 0, < 6.6.0 (custom)
        Affected: 6.6.0, < 6.6.0.217 (custom)
    WSO2 | WSO2 Open Banking IAM
        Unknown: 0, < 2.0.0 (custom)
        Affected: 2.0.0, < 2.0.0.402 (custom)
    WSO2 | WSO2 Identity Server as Key Manager
        Unknown: 0, < 5.10.0 (custom)
        Affected: 5.10.0, < 5.10.0.353 (custom)
    WSO2 | WSO2 API Manager
        Unknown: 0, < 3.2.0 (custom)
        Affected: 3.2.0, < 3.2.0.421 (custom)
        Affected: 3.2.1, < 3.2.1.41 (custom)
        Affected: 4.0.0, < 4.0.0.342 (custom)
        Affected: 4.1.0, < 4.1.0.203 (custom)
        Affected: 4.2.0, < 4.2.0.142 (custom)
        Affected: 4.3.0, < 4.3.0.55 (custom)
        Affected: 4.4.0, < 4.4.0.19 (custom)
        Affected: 4.5.0, < 4.5.0.2 (custom)
        Affected: 4.6.0, < 4.6.0.3 (custom)
    WSO2 | WSO2 API Control Plane
        Affected: 4.5.0, < 4.5.0.2 (custom)
        Affected: 4.6.0, < 4.6.0.3 (custom)
    WSO2 | WSO2 Universal Gateway
        Affected: 4.5.0, < 4.5.0.2 (custom)
        Affected: 4.6.0, < 4.6.0.3 (custom)
    WSO2 | WSO2 Traffic Manager
        Affected: 4.5.0, < 4.5.0.2 (custom)
        Affected: 4.6.0, < 4.6.0.3 (custom)
    WSO2 | org.wso2.carbon.commons:org.wso2.carbon.application.upload
        Affected: 4.7.19, < 4.7.19.7 (custom)
        Affected: 4.7.32, < 4.7.32.5 (custom)
        Affected: 4.7.35, < 4.7.35.8 (custom)
        Affected: 4.7.39, < 4.7.39.1 (custom)
        Affected: 4.7.49, < 4.7.49.4 (custom)
        Affected: 4.7.52, < 4.7.52.1 (custom)
        Affected: 4.10.13, < 4.10.13.1 (custom)
        Unaffected: 4.9.12, ≤ 4.9.* (custom)
        Unaffected: 4.10.24, ≤ * (custom)
    Credits
    Danh Nguyen (k4it0) from VIB Pentest Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3125",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-05T18:58:52.925152Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-05T18:59:01.426Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.360",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.11.0.399",
                  "status": "affected",
                  "version": "5.11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.0.235",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.0.230",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0.0.101",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.1.0.32",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Enterprise Integrator",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "6.6.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.0.217",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking IAM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.402",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server as Key Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.353",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.421",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.41",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.342",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.203",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.142",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.55",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.0.19",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.0.2",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.3",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Control Plane",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.2",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.3",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Universal Gateway",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.2",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.3",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Traffic Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.2",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.3",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.commons:org.wso2.carbon.application.upload",
              "product": "org.wso2.carbon.commons:org.wso2.carbon.application.upload",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.7.19.7",
                  "status": "affected",
                  "version": "4.7.19",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.32.5",
                  "status": "affected",
                  "version": "4.7.32",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.35.8",
                  "status": "affected",
                  "version": "4.7.35",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.39.1",
                  "status": "affected",
                  "version": "4.7.39",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.49.4",
                  "status": "affected",
                  "version": "4.7.49",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.52.1",
                  "status": "affected",
                  "version": "4.7.52",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.13.1",
                  "status": "affected",
                  "version": "4.10.13",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.9.*",
                  "status": "unaffected",
                  "version": "4.9.12",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "4.10.24",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.360",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.11.0.399",
                      "versionStartIncluding": "5.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.0.235",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.0.230",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.0.101",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.0.32",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_enterprise_integrator:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.0.217",
                      "versionStartIncluding": "6.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.0.402",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.353",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.0.421",
                      "versionStartIncluding": "3.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.1.41",
                      "versionStartIncluding": "3.2.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.0.0.342",
                      "versionStartIncluding": "4.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.203",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.2.0.142",
                      "versionStartIncluding": "4.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.3.0.55",
                      "versionStartIncluding": "4.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.4.0.19",
                      "versionStartIncluding": "4.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.2",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.3",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.2",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.3",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.2",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.3",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.2",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.3",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.19.7",
                      "versionStartIncluding": "4.7.19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.32.5",
                      "versionStartIncluding": "4.7.32",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.35.8",
                      "versionStartIncluding": "4.7.35",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.39.1",
                      "versionStartIncluding": "4.7.39",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.49.4",
                      "versionStartIncluding": "4.7.49",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.52.1",
                      "versionStartIncluding": "4.7.52",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.10.13.1",
                      "versionStartIncluding": "4.10.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "4.9.*",
                      "versionStartIncluding": "4.9.12",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:org.wso2.carbon.commons_org.wso2.carbon.application.upload:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "4.10.24",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Danh Nguyen (k4it0) from VIB Pentest Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE).\u003cbr\u003e\u003cbr\u003eThis functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions.\u003cbr\u003e"
                }
              ],
              "value": "An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE).\n\nThis functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-20T04:14:55.775Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on  https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3961/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-3961",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-3125",
        "datePublished": "2025-11-05T14:49:44.597Z",
        "dateReserved": "2025-04-02T15:12:12.137Z",
        "dateUpdated": "2026-01-20T04:14:55.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }