CVE-2025-10611 | WSO2 API Manager REST API access control

SecurityVulns

A vulnerability described as critical has been identified in WSO2 API Manager, API Control Plane, Open Banking AM, Open Banking IAM, Identity Server, Identity Server as Key Manager, Open Banking KM, Universal Gateway, Traffic Manager, org.wso2.carbon.identity.auth.rest:org.wso2.carbon.identity.auth.service and org.wso2.carbon.identity.auth.rest:org.wso2.carbon.identity.auth.valve. The issue affects unknown functionality of the REST API component. Manipulation of this functionality leads to improper access controls.

This vulnerability is uniquely identified as CVE-2025-10611. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.