WSO2 Products XML External Entity Vulnerability Allowing File Read and Denial-of-Service

Vulnerability

A vulnerability allowing XML External Entity (XXE) attacks exists in multiple WSO2 products. This issue arises from the XML parser's improper configuration, which allows user-supplied XML to be parsed without adequate restrictions. As a result, external entities can be resolved, potentially enabling a remote, unauthenticated attacker to read sensitive files from the server's filesystem or conduct denial-of-service (DoS) attacks that disrupt affected services.

Impact

Exploitation of this vulnerability could lead to unauthorized reading of sensitive files from the server's filesystem and denial-of-service (DoS) attacks that make affected services unavailable.

Added: Nov 5, 2025, 6:23 PM

Updated: Nov 5, 2025, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WSO2 Products XML External Entity Vulnerability Allowing File Read and Denial-of-Service

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating