Filtered by vendor Wso2
Subscriptions
Filtered by product Org.wso2.carbon.commons Org.wso2.carbon.application.upload
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3125 | 1 Wso2 | 18 Api Control Plane, Api Manager, Carbon and 15 more | 2026-01-20 | 6.7 Medium |
| An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution (RCE). This functionality is restricted by default to admin users; therefore, successful exploitation requires valid credentials with administrative permissions. | ||||
Page 1 of 1.