CVE-2025-9312 | WSO2 API Manager mTLS missing authentication

A vulnerability identified as critical has been detected in WSO2 API Manager, API Control Plane, Traffic Manager, Universal Gateway, Identity Server as Key Manager, Identity Server, Open Banking KM, Open Banking AM, Open Banking IAM and org.wso2.carbon.identity.auth.service. The affected element is an unknown function of the component mTLS. The manipulation leads to missing authentication.

This vulnerability is traded as CVE-2025-9312. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More