CVE-2025-10713 MEDIUM

CVE-2025-10713: XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration

Vendor WSO2
Product WSO2 Enterprise Integrator
Weakness CWE-611 · XXE
Published November 5, 2025
Last update November 5, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01 Description

An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable.

Key dates

02 Disclosure timeline

November 5, 2025 CVE published
November 5, 2025 Record updated