CVE-2025-8325 - Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations
CVE ID :CVE-2025-8325 Published : May 11, 2026, 10:16 a.m. | 49 minutes ago Description :The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Ronin set to transition to Ethereum layer 2 from independent sidechain
- [CYBER] Python Infostealer Hides in GitHub Releases to Bypass Detection
- [CYBER] PHP SOAP Extension Flaw Could Let Attackers Execute Code Remotely
- [CYBER] Construction to Cyber PM
- [CYBER] Cyber Espionage Group Targets Aviation Firms to Steal Map Data
- [CYBER] Skoda Data Breach Hits Online Shop Customers