Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service
CVE-2025-5717

6.7 MEDIUM

What is CVE-2025-5717?

An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan that embeds malicious Java code; the server executes that code when it loads the plan, resulting in arbitrary code execution on the server.

Exploitation of this vulnerability requires a valid user account with administrative privileges, limiting the attack surface to authenticated but potentially malicious users.

Affected Version(s)

  • Siddhi Extension Evaluate Scripts 3.2.6 up to, but not including, 3.2.6.8

  • Siddhi Extension Evaluate Scripts 3.2.7 up to, but not including, 3.2.7.6

  • Siddhi Extension Evaluate Scripts 3.2.8 up to, but not including, 3.2.8.3

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Noël MACCARY