A vulnerability, which was classified as critical, was found in WSO2 Identity Server and API Manager. This issue affects some unknown processing. Executing a manipulation can lead to authentication bypass using alternate channel.

This vulnerability is handled as CVE-2025-13475. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.