CNNVD-202509-3669 Information

Sep 23, 2025 cve

CNNVD ID

CNNVD-202509-3669

CVE-2025-0672

CNNVD Published: 2025-09-23

Description (Chinese)

WSO2 Identity Server（IS）是美国WSO2公司的一款身份认证服务器。 WSO2 Identity Server（IS）存在安全漏洞，该漏洞源于用户账户删除时未自动移除关联的FIDO注册数据，可能导致身份验证绕过和未授权访问。

Description (English)

WO2 Infrastructure Server (IS) is an identification server for WSO2 in the United States. There is a security loophole in WO2 Information Server (IS), which stems from the fact that the associated FIDO registration data were not automatically removed when the user account was deleted, which may result in the authentication bypassing and unauthorized access.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

WSO2

Published

2025-09-23

Last Modified

2026-02-24

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3134/

Patch

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3134/

Share on: