A vulnerability classified as critical has been found in WSO2 Identity Server, Enterprise Integrator, Open Banking IAM, Identity Server as Key Manager, API Manager, API Control Plane, Universal Gateway, Traffic Manager and org.wso2.carbon.commons:org.wso2.carbon.application.upload. The issue affects the function CarbonAppUploader of the component Admin Service Endpoint.
Manipulation of this function results in unrestricted upload.
This vulnerability is cataloged as CVE-2025-3125. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.