CVE-2025-11093 | WSO2 Micro Integrator Script Mediator Engine code injection

A vulnerability was found in WSO2 Micro Integrator, API Manager, Enterprise Integrator, Universal Gateway, API Control Plane, Traffic Manager, Open Banking IAM, Open Banking AM, Identity Server as Key Manager, org.apache.synapse:synapse-core and org.apache.synapse:synapse-extensions. It has been classified as critical. The affected element is an unknown function of the component Script Mediator Engine. This manipulation causes code injection.

This vulnerability is registered as CVE-2025-11093. The attack requires access to the local network. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More