CNNVD-202509-3676 Information

Sep 23, 2025 cve

CNNVD ID

CNNVD-202509-3676

CVE-2025-0663

CNNVD Published: 2025-09-23

Description (Chinese)

WSO2 Identity Server（IS）是美国WSO2公司的一款身份认证服务器。 WSO2 Identity Server（IS）存在安全漏洞，该漏洞源于自适应身份验证中加密设计不当，可能导致跨租户身份验证漏洞。

Description (English)

WO2 Infrastructure Server (IS) is an identification server for WSO2 in the United States. There is a security loophole in WO2 Capacity Server (IS), which stems from the inappropriate encryption design of self-adapted authentication, which may lead to a breach of cross-tenant identification.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WSO2

Published

2025-09-23

Last Modified

2026-02-24

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3864/

Patch

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3864/

Share on: