CVE-2025-5350 | WSO2 Identity Server Try-It Feature server-side request forgery

A vulnerability described as critical has been identified in WSO2 Identity Server, Enterprise Integrator, API Manager, Universal Gateway, Traffic Manager, API Control Plane, Open Banking AM, Open Banking IAM, Identity Server as Key Manager and org.wso2.carbon:org.wso2.carbon.ui. Affected is an unknown function of the component Try-It Feature. Such manipulation leads to server-side request forgery.

This vulnerability is listed as CVE-2025-5350. The attack must be carried out from within the local network. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More