CNNVD-202509-4155 Information

CNNVD ID

CNNVD-202509-4155

Related CVE

CVE-2025-1862

• CNNVD Published: 2025-09-26

Description (Chinese)

WSO2 Enterprise Integrator是美国WSO2公司的一套开源的混合集成平台。该平台支持多个应用程序之间进行通信。 WSO2 Enterprise Integrator存在安全漏洞，该漏洞源于BPEL上传器SOAP服务端点未正确验证用户提供的文件名，可能导致任意文件上传。

Description (English)

WSO2 Enterprise Integrator is an open-source, hybrid integrated platform for WSO2 in the United States. The platform supports communication between multiple applications. WO2 Enterprise Integrator has a security loophole, which results from the BPEL uploader SOAP service endpoint not correctly authenticating the file name provided by the user and may lead to any upload.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WSO2

Published

2025-09-26

Last Modified

2026-02-24

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3992/ https://access.redhat.com/security/cve/cve-2025-1862

Patch

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3992/